SSL TLS

security SSL TLS
Created on 2016-09-25 Last Modified 2018-02-23


Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over a computer network.

Authentication relies on Certificate Authorities (CAs) and a public key infrastructure using X.509 certificates. The server registers with a CA, which signs the server's public key with the CA's key for a fee. The client, after receiving the public key from the server, verifies the CA's signature on it.
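The issue-and-verify flow described above, as an added example (not from the original page) using the `openssl` CLI: a constructed CA signs a server's CSR, and the client-side check passes only when the client trusts that CA. The helper functions and all names (`demo-root-ca`, `unrelated-ca`, `www.example.test`) are made up for the demo; it assumes OpenSSL 1.1.1 or later.

```bash
#!/usr/bin/env bash
# Added example; every name, subject and file here is constructed.

# new_ca DIR NAME: self-signed CA (key + certificate) marked CA:TRUE.
new_ca() {
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 1 \
    -config "$1/demo.cnf" -subj "/CN=$2" \
    -keyout "$1/$2.key" -out "$1/$2.crt" 2>/dev/null
}

# issue DIR CA HOST: the server makes a key and CSR, then the CA signs the CSR.
issue() {
  openssl req -new -newkey rsa:2048 -nodes -config "$1/demo.cnf" \
    -subj "/CN=$3" -keyout "$1/$3.key" -out "$1/$3.csr" 2>/dev/null &&
  openssl x509 -req -in "$1/$3.csr" -CA "$1/$2.crt" -CAkey "$1/$2.key" \
    -CAcreateserial -sha256 -days 1 -out "$1/$3.crt" 2>/dev/null
}

# client_check DIR TRUSTED_CA HOST: the client's check; exit 0 means trusted.
client_check() {
  openssl verify -CAfile "$1/$2.crt" "$1/$3.crt" >/dev/null 2>&1
}

demo() {
  local d; d=$(mktemp -d) || return 2
  # Minimal config so the result does not depend on the system openssl.cnf.
  cat > "$d/demo.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = placeholder
[v3_ca]
basicConstraints = critical,CA:TRUE
EOF
  new_ca "$d" demo-root-ca && new_ca "$d" unrelated-ca &&
    issue "$d" demo-root-ca www.example.test || { rm -rf "$d"; return 2; }
  local good=FAIL bad=FAIL
  client_check "$d" demo-root-ca www.example.test && good=OK
  client_check "$d" unrelated-ca www.example.test && bad=OK
  rm -rf "$d"
  echo "trusted-CA=$good untrusted-CA=$bad"
}

demo   # prints: trusted-CA=OK untrusted-CA=FAIL
```

The check runs offline against the CA certificate the client already holds; no request is sent to the CA during verification.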

File:Ssl handshake with two way authentication with certificates.png - Wikimedia Commons

OpenSSL is a toolkit for TLS and SSL.

See Open SSL.

HSTS

SSL checkers

Perfect Forward Secrecy (PFS)

Issues

CA

As it turns out, CAs may not be trustworthy after all. There are many instances of CAs issuing fraudulent certificates (willingly or after being hacked).

Heartbleed (2014)

Renegotiation Gap (2009)

Let’s Encrypt

Clients

Heroku

Standards

