Skip to content

SSL/TLS

July 7, 2025
April 2, 2015

x-509#PKI
ssl-tls-free-certs

Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network. TLS ensures confidentiality and authentication for the parties.

What is SSL (Secure Sockets Layer)? | Cloudflare
What is Transport Layer Security (TLS)? | Cloudflare
Creating Secure Web Apps: What Every Developer Needs to Know About HTTPS Today | Heroku
SSL: Secure Sockets Layer from SSL to TLS 1.2
Exploring HTTPS With Python – Real Python
What are SSL/TLS Certificates? Why do we Need them? and How do they Work? - YouTube

Transport Layer Security (TLS) - Computerphile - YouTube

HTTPS: an awesome, secure tale (pt 1) | by Omer Goldberg | Bits and Pieces

ESNI: A Privacy-Protecting Upgrade to HTTPS | Electronic Frontier Foundation
Server Name Indication - Wikiwand multi-tenants on the same IP

Cloudflare now uses post-quantum cryptography to talk to your origin server

Toolkits:

HTTPS Is Easy!
Is TLS Fast Yet?
ImperialViolet - Overclocking SSL HTTPS is fast since 2010
ImperialViolet - Public key pinning
Survival Guide - TLS/SSL and SSL (X.509) Certificates (CA-signed and Self-Signed)
Rolling out Public Key Pinning with HPKP Reporting — Google Web Updates
SSL: it’s hard to do right | The Recompiler
Nick Craver - HTTPS on Stack Overflow: The End of a Long Road
Networking 101: Transport Layer Security (TLS) - High Performance Browser Networking (O'Reilly)

How the NSA (may have) put a backdoor in RSA’s cryptography: A technical primer | Ars Technica
Critics slam SSL authority for minting certificate for impersonating sites | Ars Technica
Web served, part 2: Securing things with SSL/TLS | Ars Technica

Deploying HTTPS: The Green Lock and Beyond (Chrome Dev Summit 2015) - YouTube
Mythbusting HTTPS: Squashing security’s urban legends - Google I/O 2016 - YouTube

Standards

TLS 1.0 = SSL 3.1 (1999)
TLS 1.1 = SSL 3.2 (2006)
TLS 1.2 = SSL 3.3 (2008)
TLS 1.3 = SSL 3.4 (2018)

Transport Layer Security (tls)

RFC 8446 - The Transport Layer Security (TLS) Protocol Version 1.3
RFC 9147 - The Datagram Transport Layer Security (DTLS) Protocol Version 1.3
RFC 6101 - The Secure Sockets Layer (SSL) Protocol Version 3.0
Transport Layer Security (TLS) Parameters
draft-ietf-tls-rfc8446bis-12 update
draft-ietf-tls-rfc9147bis-00 update

TLS v1.3

RFC 7301 - Transport Layer Security (TLS) Application-Layer Protocol Negotiation Extension ALPN, allows applications to use the existing, secure communications links
RFC 7918 - Transport Layer Security (TLS) False Start
RFC 7925 - Transport Layer Security (TLS) / Datagram Transport Layer Security (DTLS) Profiles for the Internet of Things
RFC 8449 - Record Size Limit Extension for TLS
RFC 9325 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)
draft-ietf-tls-keylogfile-03 SSLKEYLOGFILE
draft-ietf-tls-extended-key-update-04 - Extended Key Update for Transport Layer Security (TLS) 1.3
draft-ietf-tls-ctls-10 expired draft

Transport Layer Security, TLS 1.2 and 1.3 (Explained by Example) - YouTube
Understanding TLS 1.2 and TLS 1.3  | Encryption Consulting
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3)
Why TLS 1.3 is a Huge Improvement | Venafi
TLS 1.3 » ADMIN Magazine
A Detailed Look at RFC 8446 (a.k.a. TLS 1.3) ❗!important

RFC 8701 - Applying Generate Random Extensions And Sustain Extensibility (GREASE) to TLS Extensibility to help identify protocol ossification in middlebox
tldr.fail middlebox fails to handle large ClientHello

Handshake

TLS Handshake Explained - Computerphile - YouTube
The SSL/TLS Handshake: an Overview – SSL Information and FAQ
File:Ssl handshake with two way authentication with certificates.png - Wikimedia Commons
TLS Handshake For Secure Communications Over The Internet
SSH Handshake – Why Abhinav?
What is a TLS Handshake and How Does it Work? | Venafi 0-RTT

The parties specify which version of TLS (TLS 1.0, 1.2, 1.3, etc.) and which cipher suites (see below) they will use
Authenticate the identity of the server via the server's public key and the SSL certificate authority's digital signature
Generate session keys in order to use symmetric encryption after the handshake is complete

What happens in a TLS handshake? | SSL handshake | Cloudflare
What is a session key? | Session keys and TLS handshakes | Cloudflare

SessionTicket replaces SessionID for session resumption in RFC 5077 - Transport Layer Security (TLS) Session Resumption without Server-Side State
a.k.a. session caching, stateless resumption
Session data is encrypted with a secret key known only by the server

Good-bye ESNI, hello ECH! Encrypted Client Hello, replaces Encrypted SNI
Decoding TLS Encrypted Client Hello extension | Thibaut Probst

Command Line Fanatic
How SSL Certificates Use Digital Signatures
A Walkthrough of a TLS 1.3 Handshake
The TLS Handshake at a High Level TLS v1.2, Diffie Hellman protocol, MAC, PKI
A walk-through of an SSL handshake
A walk-through of an SSL key exchange
A walk-through of an SSL Certificate Exchange

sequenceDiagram
    participant C as Client
    participant S as Server

    Note over C,S: TLS 1.3 Handshake
    C->>S: Client Hello<br/>(Version: TLS 1.2, Supported Versions: 1.3)<br/>Cipher Suites & Key Share
    S->>C: Server Hello<br/>(Encrypted)<br/>Selected Cipher Suite & Key Share
    Note over C,S: Key Exchange Phase
    S->>C: Certificate<br/>(with Public Key)
    C->>C: Verify Certificate<br/>with CA
    Note over C,S: Key Exchange Phase
    C->>S: Session Key Agreement<br/>(using RSA)
    C->>C: Generate Master Secret
    C->>S: Finished (Encrypted)
    S->>S: Generate Master Secret
    S->>C: Finished (Encrypted)

Packet Dump

The Illustrated TLS 1.3 Connection: Every Byte Explained ❗!important
The Illustrated QUIC Connection: Every Byte Explained ❗!important

Wireshark - YouTube TLS/QUIC decryption with Wireshark and SSL key logs
Decrypt SSL with Wireshark - HTTPS Decryption: Step-by-Step Guide
HTTPS Decryption with Wireshark // Website TLS Decryption - YouTube
Decrypting TLS, HTTP/2 and QUIC with Wireshark - YouTube
pan-unit42/wireshark-tutorial-decrypting-HTTPS-traffic

SSL Striping

Performing & Preventing SSL Stripping: A Plain-English Primer 2017-10

RFC 6797 - HTTP Strict Transport Security (HSTS)
HSTS Preload List Submission

More Tricks for Defeating SSL Moxie Marlinspike Black Hat - USA - 2009 - YouTube Cert Basic Constraints, HTTP redirect, MITM with null character in Common Name, Defeating OCSP with try again
moxie0/sslstrip: A tool for exploiting Moxie Marlinspike's SSL "stripping" attack.

OFFENSIVE: Exploiting DNS Servers Changes by Leonardo Nve - YouTube

Ciphers

Ciphersuite Info
An Introduction to Cipher Suites | Encryption Consulting

Security/Server Side TLS - MozillaWiki
Generate Mozilla Security Recommended Web Server Configuration Files

RFC 7919 - Negotiated Finite Field Diffie-Hellman Ephemeral Parameters for Transport Layer Security (TLS) "Supported Groups Registry"

RFC 8998 - ShangMi (SM) Cipher Suites for TLS 1.3
国密SSL协议是什么?与标准TLS协议的区别- 沃通SSL证书!

TLS_DHE_RSA_AES256_SHA256

DHE: key exchange (Ephemeral Diffie-Hellman)
RSA: authentication
AES256: data encryption
SHA256: MAC

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384

ECDHE: key exchange (Ephemeral Elliptic Curve Diffie-Hellman)
RSA: authentication
AES_256_GCM: data encryption
SHA384: MAC

TLS_AES_256_GCM_SHA384 (TLS 1.3)

ECDHE (implicit): key exchange
RSA: authentication
AES_256_GCM: data encryption
SHA384: MAC

HSTS

always use HTTPS

HTTP Strict Transport Security - Wikiwand
HSTS Preload List Submission

Certificate Transparency

Introducing Certificate Transparency and Nimbus

RFC 9162 - Certificate Transparency Version 2.0
Certificate Transparency - Wikiwand

CT deprecates HPKP
RFC 7469 - Public Key Pinning Extension for HTTP
HTTP Public Key Pinning - Wikiwand

Mutual TLS/mTLS

A Kubernetes engineer's guide to mTLS
Mutual TLS | The Backend Engineering Show - YouTube

The Cloudflare mTLS vulnerability - A Deep Dive Analysis - YouTube
mTLS: When certificate authentication is done wrong - The GitHub Blog

Keyless SSL

x-509#Delegated Credentials

Keyless SSL: The Nitty Gritty Technical Details
cloudflare/gokeyless: Go implementation of the keyless protocol

SSL checkers

Best SSL Testing Tools for your Website - Grace Themes
Online Tool to Test SSL, TLS and Latest Vulnerability - Geekflare
How to discover TLS configurations | by Be Tech! with Santander | Be Tech! with Santander | Medium
SSL/TLS Protocols Security Guidelines | HKCERT 2016

/bin/bash based SSL/TLS tester: testssl.sh offline tool
crt.sh | Certificate Search
Qualys SSL Labs
Free SSL Checker Tool - Check SSL Certificate
SSL Certificate Checker - Diagnostic Tool | DigiCert.com
SSL Security Test | Scan Web and Email Server SSL TLS STARTTLS Encryption
SSL Checker
SSL/TLS Client Test - TLS Fingerprinting - BrowserLeaks

SSH Pentesting. SSH (TCP/22) is a protocol used to… | by 0liverFlow | Medium pentest and audit tools
OWASP/O-Saft: O-Saft - OWASP SSL advanced forensic tool

trimstray/htrace.sh: My simple Swiss Army knife for http/https troubleshooting and profiling.

sslyze | Kali Linux Tools
nabla-c0d3/sslyze: Fast and powerful SSL/TLS scanning library.

Man-in-the-Middle (MITM)

Monsters in the Middleboxes: Introducing Two New Tools for Detecting HTTPS Interception

mitmproxy - an interactive HTTPS proxy
mitm.it CA for mitmproxy
mitmproxy - Introduction
mitmproxy/mitmproxy: An interactive TLS-capable intercepting HTTP proxy for penetration testers and software developers.
How to Man in the Middle HTTPS Using mitmproxy - Earthly Blog
Spin an HTTP/3 Reverse Proxy (using mitmproxy) - YouTube
https真安全么? 抓包解密https的两种原理+实战 - YouTube

alufers/mitmproxy2swagger: Automagically reverse-engineer REST APIs via capturing traffic

c2FmZQ/tlsproxy: A simple TLS proxy, Reverse proxy, and Web server that uses Let's Encrypt automatically.

bettercap/bettercap: The Swiss Army knife for 802.11, BLE, HID, CAN-bus, IPv4 and IPv6 networks reconnaissance and MITM attacks.

monasticacademy/httptap: View HTTP/HTTPS requests made by any Linux program
sensepost/berate_ap: Script for orchestrating mana rogue WiFi Access Points.

Wifi Hacking Tools Collection | w1f1
sensepost/hostapd-mana: SensePost's modified hostapd for wifi attacks.

PolarProxy TLS proxy decrypt up to 10 GB of data or 10 000 TLS sessions per day

Intercept, debug & mock HTTP with HTTP Toolkit
HTTP Toolkit

Fiddler Everywhere | Debugging Proxy for Mac, Linux, Windows forward TLS proxy, paid
Charles Web Debugging Proxy • HTTP Monitor / HTTP Proxy / HTTPS & SSL Proxy / Reverse Proxy forward TLS proxy, paid

HTTPS/TLS Proxy | NetworkAcademy.io
What is a TLS Proxy? Definition & FAQs | Avi Networks

Rebex TLS Proxy (free) - Rebex.NET

iPhone and Android WiFi Man-in-the-middle attack // PYTHON Scapy scripts for attacking networks - YouTube

Perfect Forward Secrecy (PFS)

SSL Enabling Forward Secrecy | DigiCert.com

Issues

How to Change Certificate Without Downtime - DZone DevOps

Heartbleed (2014)

see web-security.md#heartbleed

Renegotiation Gap (2009)

Truth in SOA: Really Understanding the SSL/TLS Vulnerability (Part 1)

Localhost certs

FiloSottile/mkcert: A simple zero-config tool to make locally-trusted development certificates with any names you'd like. add local CA to system
Why and How to Use HTTPS in Your Local Development Environment

Free SSL/TLS Certs

ssl-tls-free-certs