Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. TLS ensures confidentiality and authentication for the parties.
What is SSL (Secure Sockets Layer)? | Cloudflare
What is Transport Layer Security (TLS)? | Cloudflare
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today | Heroku
SSL: Secure Sockets Layer from SSL to TLS 1.2
Exploring HTTPS With Python – Real Python
What are SSL/TLS Certificates? Why do we Need them? and How do they Work? - YouTube
Transport Layer Security (TLS) - Computerphile - YouTube
HTTPS: an awesome, secure tale (pt 1) | by Omer Goldberg | Bits and Pieces
ESNI: A Privacy-Protecting Upgrade to HTTPS | Electronic Frontier Foundation
Server Name Indication - Wikiwand multi-tenants on the same IP
Cloudflare now uses post-quantum cryptography to talk to your origin server
Toolkits:
HTTPS Is Easy!
Is TLS Fast Yet?
ImperialViolet - Overclocking SSL HTTPS is fast since 2010
ImperialViolet - Public key pinning
Survival Guide - TLS/SSL and SSL (X.509) Certificates (CA-signed and Self-Signed)
Rolling out Public Key Pinning with HPKP Reporting — Google Web Updates
SSL: it’s hard to do right | The Recompiler
Nick Craver - HTTPS on Stack Overflow: The End of a Long Road
Networking 101: Transport Layer Security (TLS) - High Performance Browser Networking (O'Reilly)
How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer | Ars Technica
Critics slam SSL authority for minting certificate for impersonating sites | Ars Technica
Web served, part 2: Securing things with SSL/TLS | Ars Technica
Deploying HTTPS: The Green Lock and Beyond (Chrome Dev Summit 2015) - YouTube
Mythbusting HTTPS: Squashing security’s urban legends - Google I/O 2016 - YouTube
Standards
TLS 1.0 = SSL 3.1 (1999)
TLS 1.1 = SSL 3.2 (2006)
TLS 1.2 = SSL 3.3 (2008)
TLS 1.3 = SSL 3.4 (2018)
Transport Layer Security (tls)
RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3
RFC 9147 - The Datagram Transport Layer Security (DTLS) Protocol Version 1.3
RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0
Transport Layer Security (TLS) Parameters
draft-ietf-tls-rfc8446bis-12 update
draft-ietf-tls-rfc9147bis-00 update
TLS v1.3
- allow client's guessing of keyshares to reduce one round trip
- reduces supported ciphers, uses only AEAD Algorithms
draft-irtf-cfrg-aead-properties-09 - Properties of AEAD Algorithms
Authenticated Encryption with Associated Data (AEAD) | Tink | Google for Developers
Authenticated encryption — Cryptography documentation - Encrypt-Then-MAC by default
- The client and the server then exchange two keys: one for the encryption and another for the verification
- advertise itself as 1.2 since revision 22 to increase adoption and avoid ossification in middlebox
- A Cryptographic Analysis of the TLS 1.3 Handshake Protocol
RFC 7301 - Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension ALPN, allows applications to use the existing, secure communications links
RFC 7918 - Transport Layer Security (TLS) False Start
RFC 7925 - Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things
RFC 8449 - Record Size Limit Extension for TLS
RFC 9325 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
draft-ietf-tls-keylogfile-03 SSLKEYLOGFILE
draft-ietf-tls-extended-key-update-04 - Extended Key Update for Transport Layer Security (TLS) 1.3
draft-ietf-tls-ctls-10 expired draft
Transport Layer Security, TLS 1.2 and 1.3 (Explained by Example) - YouTube
Understanding TLS 1.2 and TLS 1.3 | Encryption Consulting
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
Why TLS 1.3 is a Huge Improvement | Venafi
TLS 1.3 » ADMIN Magazine
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3) ❗!important
RFC 8701 - Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility to help identify protocol ossification in middlebox
tldr.fail middlebox fails to handle large ClientHello
Handshake
TLS Handshake Explained - Computerphile - YouTube
The SSL/TLS Handshake: an Overview – SSL Information and FAQ
File:Ssl handshake with two way authentication with certificates.png - Wikimedia Commons
TLS Handshake For Secure Communications Over The Internet
SSH Handshake – Why Abhinav?
What is a TLS Handshake and How Does it Work? | Venafi 0-RTT
The parties specify which version of TLS (TLS 1.0, 1.2, 1.3, etc.) and which cipher suites (see below) they will use
Authenticate the identity of the server via the server's public key and the SSL certificate authority's digital signature
Generate session keys in order to use symmetric encryption after the handshake is complete
What happens in a TLS handshake? | SSL handshake | Cloudflare
What is a session key? | Session keys and TLS handshakes | Cloudflare
SessionTicket replaces SessionID for session resumption in RFC 5077 - Transport Layer Security (TLS) Session Resumption without Server-Side State
a.k.a. session caching, stateless resumption
Session data is encrypted with a secret key known only by the server
Good-bye ESNI, hello ECH! Encrypted Client Hello, replaces Encrypted SNI
Decoding TLS Encrypted Client Hello extension | Thibaut Probst
Command Line Fanatic
How SSL Certificates Use Digital Signatures
A Walkthrough of a TLS 1.3 Handshake
The TLS Handshake at a High Level TLS v1.2, Diffie Hellman protocol, MAC, PKI
A walk-through of an SSL handshake
A walk-through of an SSL key exchange
A walk-through of an SSL Certificate Exchange
sequenceDiagram
participant C as Client
participant S as Server
Note over C,S: TLS 1.3 Handshake
C->>S: Client Hello<br/>(Version: TLS 1.2, Supported Versions: 1.3)<br/>Cipher Suites & Key Share
S->>C: Server Hello<br/>(Encrypted)<br/>Selected Cipher Suite & Key Share
Note over C,S: Key Exchange Phase
S->>C: Certificate<br/>(with Public Key)
C->>C: Verify Certificate<br/>with CA
Note over C,S: Key Exchange Phase
C->>S: Session Key Agreement<br/>(using RSA)
C->>C: Generate Master Secret
C->>S: Finished (Encrypted)
S->>S: Generate Master Secret
S->>C: Finished (Encrypted)Packet Dump
The Illustrated TLS 1.3 Connection: Every Byte Explained ❗!important
The Illustrated QUIC Connection: Every Byte Explained ❗!important
Wireshark - YouTube TLS/QUIC decryption with Wireshark and SSL key logs
Decrypt SSL with Wireshark - HTTPS Decryption: Step-by-Step Guide
HTTPS Decryption with Wireshark // Website TLS Decryption - YouTube
Decrypting TLS, HTTP/2 and QUIC with Wireshark - YouTube
pan-unit42/wireshark-tutorial-decrypting-HTTPS-traffic
SSL Striping
Performing & Preventing SSL Stripping: A Plain-English Primer 2017-10
RFC 6797 - HTTP Strict Transport Security (HSTS)
HSTS Preload List Submission
More Tricks for Defeating SSL Moxie Marlinspike Black Hat - USA - 2009 - YouTube Cert Basic Constraints, HTTP redirect, MITM with null character in Common Name, Defeating OCSP with try again
moxie0/sslstrip: A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.
OFFENSIVE: Exploiting DNS Servers Changes by Leonardo Nve - YouTube
Ciphers
Ciphersuite Info
An Introduction to Cipher Suites | Encryption Consulting
Security/Server Side TLS - MozillaWiki
Generate Mozilla Security Recommended Web Server Configuration Files
RFC 7919 - Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) "Supported Groups Registry"
RFC 8998 - ShangMi (SM) Cipher Suites for TLS 1.3
国密SSL协议是什么?与标准TLS协议的区别- 沃通SSL证书!
TLS_DHE_RSA_AES256_SHA256
DHE: key exchange (Ephemeral Diffie-Hellman)
RSA: authentication
AES256: data encryption
SHA256: MAC
TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
ECDHE: key exchange (Ephemeral Elliptic Curve Diffie-Hellman)
RSA: authentication
AES_256_GCM: data encryption
SHA384: MAC
TLS_AES_256_GCM_SHA384 (TLS 1.3)
ECDHE (implicit): key exchange
RSA: authentication
AES_256_GCM: data encryption
SHA384: MAC
HSTS
always use HTTPS
HTTP Strict Transport Security - Wikiwand
HSTS Preload List Submission
Certificate Transparency
Introducing Certificate Transparency and Nimbus
RFC 9162 - Certificate Transparency Version 2.0
Certificate Transparency - Wikiwand
CT deprecates HPKP
RFC 7469 - Public Key Pinning Extension for HTTP
HTTP Public Key Pinning - Wikiwand
Mutual TLS/mTLS
A Kubernetes engineer's guide to mTLS
Mutual TLS | The Backend Engineering Show - YouTube
The Cloudflare mTLS vulnerability - A Deep Dive Analysis - YouTube
mTLS: When certificate authentication is done wrong - The GitHub Blog
Keyless SSL
Keyless SSL: The Nitty Gritty Technical Details
cloudflare/gokeyless: Go implementation of the keyless protocol
SSL checkers
Best SSL Testing Tools for your Website - Grace Themes
Online Tool to Test SSL, TLS and Latest Vulnerability - Geekflare
How to discover TLS configurations | by Be Tech! with Santander | Be Tech! with Santander | Medium
SSL/TLS Protocols Security Guidelines | HKCERT 2016
/bin/bash based SSL/TLS tester: testssl.sh offline tool
crt.sh | Certificate Search
Qualys SSL Labs
Free SSL Checker Tool - Check SSL Certificate
SSL Certificate Checker - Diagnostic Tool | DigiCert.com
SSL Security Test | Scan Web and Email Server SSL TLS STARTTLS Encryption
SSL Checker
SSL/TLS Client Test - TLS Fingerprinting - BrowserLeaks
SSH Pentesting. SSH (TCP/22) is a protocol used to… | by 0liverFlow | Medium pentest and audit tools
OWASP/O-Saft: O-Saft - OWASP SSL advanced forensic tool
trimstray/htrace.sh: My simple Swiss Army knife for http/https troubleshooting and profiling.
sslyze | Kali Linux Tools
nabla-c0d3/sslyze: Fast and powerful SSL/TLS scanning library.
Man-in-the-Middle (MITM)
Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception
mitmproxy - an interactive HTTPS proxy
mitm.it CA for mitmproxy
mitmproxy - Introduction
mitmproxy/mitmproxy: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
How to Man in the Middle HTTPS Using mitmproxy - Earthly Blog
Spin an HTTP/3 Reverse Proxy (using mitmproxy) - YouTube
https真安全么? 抓包解密https的两种原理+实战 - YouTube
alufers/mitmproxy2swagger: Automagically reverse-engineer REST APIs via capturing traffic
monasticacademy/httptap: View HTTP/HTTPS requests made by any Linux program
sensepost/berate_ap: Script for orchestrating mana rogue WiFi Access Points.
Wifi Hacking Tools Collection | w1f1
sensepost/hostapd-mana: SensePost's modified hostapd for wifi attacks.
PolarProxy TLS proxy decrypt up to 10 GB of data or 10 000 TLS sessions per day
Intercept, debug & mock HTTP with HTTP Toolkit
HTTP Toolkit
Fiddler Everywhere | Debugging Proxy for Mac, Linux, Windows forward TLS proxy, paid
Charles Web Debugging Proxy • HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy forward TLS proxy, paid
HTTPS/TLS Proxy | NetworkAcademy.io
What is a TLS Proxy? Definition & FAQs | Avi Networks
Rebex TLS Proxy (free) - Rebex.NET
Perfect Forward Secrecy (PFS)
SSL Enabling Forward Secrecy | DigiCert.com
Issues
How to Change Certificate Without Downtime - DZone DevOps
Heartbleed (2014)
see
web-security.md#heartbleed
Renegotiation Gap (2009)
Truth in SOA: Really Understanding the SSL/TLS Vulnerability (Part 1)
Localhost certs
FiloSottile/mkcert: A simple zero-config tool to make locally-trusted development certificates with any names you'd like. add local CA to system
Why and How to Use HTTPS in Your Local Development Environment