SSL/TLS

x-509#PKI
ssl-tls-free-certs

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.

What is SSL (Secure Sockets Layer)? | Cloudflare
What is Transport Layer Security (TLS)? | Cloudflare
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today | Heroku
SSL: Secure Sockets Layer from SSL to TLS 1.2
Exploring HTTPS With Python – Real Python
What are SSL/TLS Certificates? Why do we Need them? and How do they Work? - YouTube

Transport Layer Security (TLS) - Computerphile - YouTube

HTTPS: an awesome, secure tale (pt 1) | by Omer Goldberg | Bits and Pieces

ESNI: A Privacy-Protecting Upgrade to HTTPS | Electronic Frontier Foundation
Server Name Indication - Wikiwand multi-tenants on the same IP

Cloudflare now uses post-quantum cryptography to talk to your origin server

Toolkits:

HTTPS Is Easy!
Is TLS Fast Yet?
ImperialViolet - Overclocking SSL HTTPS is fast since 2010
ImperialViolet - Public key pinning
Survival Guide - TLS/SSL and SSL (X.509) Certificates (CA-signed and Self-Signed)
Rolling out Public Key Pinning with HPKP Reporting — Google Web Updates
SSL: it’s hard to do right | The Recompiler
Nick Craver - HTTPS on Stack Overflow: The End of a Long Road
Networking 101: Transport Layer Security (TLS) - High Performance Browser Networking (O'Reilly)

How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer | Ars Technica
Critics slam SSL authority for minting certificate for impersonating sites | Ars Technica
Web served, part 2: Securing things with SSL/TLS | Ars Technica

Deploying HTTPS: The Green Lock and Beyond (Chrome Dev Summit 2015) - YouTube
Mythbusting HTTPS: Squashing security’s urban legends - Google I/O 2016 - YouTube

Standards

TLS 1.0 = SSL 3.1 (1999)
TLS 1.1 = SSL 3.2 (2006)
TLS 1.2 = SSL 3.3 (2008)
TLS 1.3 = SSL 3.4 (2018)

Transport Layer Security (tls)

RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3
RFC 9147 - The Datagram Transport Layer Security (DTLS) Protocol Version 1.3
RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0
Transport Layer Security (TLS) Parameters
draft-ietf-tls-rfc8446bis-12 update
draft-ietf-tls-rfc9147bis-00 update

TLS v1.3

allow client's guessing of keyshares to reduce one round trip
reduces supported ciphers, uses only AEAD Algorithms
draft-irtf-cfrg-aead-properties-09 - Properties of AEAD Algorithms
Authenticated Encryption with Associated Data (AEAD) | Tink | Google for Developers
Authenticated encryption — Cryptography documentation
Encrypt-Then-MAC by default
The client and the server then exchange two keys: one for the encryption and another for the verification
advertise itself as 1.2 since revision 22 to increase adoption and avoid ossification in middlebox
A Cryptographic Analysis of the TLS 1.3 Handshake Protocol

RFC 7301 - Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension ALPN, allows applications to use the existing, secure communications links
RFC 7918 - Transport Layer Security (TLS) False Start
RFC 7925 - Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things
RFC 8449 - Record Size Limit Extension for TLS
RFC 9325 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
draft-ietf-tls-keylogfile-03 SSLKEYLOGFILE
draft-ietf-tls-extended-key-update-04 - Extended Key Update for Transport Layer Security (TLS) 1.3
draft-ietf-tls-ctls-10 expired draft

Transport Layer Security, TLS 1.2 and 1.3 (Explained by Example) - YouTube
Understanding TLS 1.2 and TLS 1.3 | Encryption Consulting
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
Why TLS 1.3 is a Huge Improvement | Venafi
TLS 1.3 » ADMIN Magazine
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3) ❗!important

RFC 8701 - Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility to help identify protocol ossification in middlebox
tldr.fail middlebox fails to handle large ClientHello

Handshake

TLS Handshake Explained - Computerphile - YouTube
The SSL/TLS Handshake: an Overview – SSL Information and FAQ
File:Ssl handshake with two way authentication with certificates.png - Wikimedia Commons
TLS Handshake For Secure Communications Over The Internet
SSH Handshake – Why Abhinav?
What is a TLS Handshake and How Does it Work? | Venafi 0-RTT

What happens in a TLS handshake? | SSL handshake | Cloudflare
What is a session key? | Session keys and TLS handshakes | Cloudflare

SessionTicket replaces SessionID for session resumption in RFC 5077 - Transport Layer Security (TLS) Session Resumption without Server-Side State
a.k.a. session caching, stateless resumption
Session data is encrypted with a secret key known only by the server

Good-bye ESNI, hello ECH! Encrypted Client Hello, replaces Encrypted SNI
Decoding TLS Encrypted Client Hello extension | Thibaut Probst

Command Line Fanatic
How SSL Certificates Use Digital Signatures
A Walkthrough of a TLS 1.3 Handshake
The TLS Handshake at a High Level TLS v1.2, Diffie Hellman protocol, MAC, PKI
A walk-through of an SSL handshake
A walk-through of an SSL key exchange
A walk-through of an SSL Certificate Exchange

sequenceDiagram
    participant C as Client
    participant S as Server

    Note over C,S: TLS 1.3 Handshake
    C->>S: Client Hello<br/>(Version: TLS 1.2, Supported Versions: 1.3)<br/>Cipher Suites & Key Share
    S->>C: Server Hello<br/>(Encrypted)<br/>Selected Cipher Suite & Key Share
    Note over C,S: Key Exchange Phase
    S->>C: Certificate<br/>(with Public Key)
    C->>C: Verify Certificate<br/>with CA
    Note over C,S: Key Exchange Phase
    C->>S: Session Key Agreement<br/>(using RSA)
    C->>C: Generate Master Secret
    C->>S: Finished (Encrypted)
    S->>S: Generate Master Secret
    S->>C: Finished (Encrypted)