Imperial Library

Index
Preface
Scope and Audience Contents SSL versus TLS SSL Labs Online Resources Feedback About the Author Acknowledgments
1. SSL, TLS, and Cryptography
Transport Layer Security Networking Layers Protocol History Cryptography
Building Blocks
Symmetric Encryption
Stream Ciphers Block Ciphers Padding
Hash Functions Message Authentication Codes Block Cipher Modes
Electronic Codebook Mode Cipher Block Chaining Mode
Asymmetric Encryption Digital Signatures Random Number Generation
Protocols Attacking Cryptography Measuring Strength Man-in-the-Middle Attack
Gaining Access Passive Attacks Active Attacks
2. Protocol
Record Protocol Handshake Protocol
Full Handshake
ClientHello ServerHello Certificate ServerKeyExchange ServerHelloDone ClientKeyExchange ChangeCipherSpec Finished
Client Authentication
CertificateRequest CertificateVerify
Session Resumption
Key Exchange
RSA Key Exchange Diffie-Hellman Key Exchange Elliptic Curve Diffie-Hellman Key Exchange
Authentication Encryption
Stream Encryption Block Encryption Authenticated Encryption
Renegotiation Application Data Protocol Alert Protocol Connection Closure Cryptographic Operations
Pseudorandom Function Master Secret Key Generation
Cipher Suites Extensions
Application Layer Protocol Negotiation Certificate Transparency Elliptic Curve Capabilities Heartbeat Next Protocol Negotiation Secure Renegotiation Server Name Indication Session Tickets Signature Algorithms OCSP Stapling
Protocol Limitations Differences between Protocol Versions
SSL 3 TLS 1.0 TLS 1.1 TLS 1.2
3. Public-Key Infrastructure
Internet PKI Standards Certificates
Certificate Fields Certificate Extensions
Certificate Chains Relying Parties Certification Authorities Certificate Lifecycle Revocation Weaknesses Root Key Compromise Ecosystem Measurements Improvements
4. Attacks against PKI
VeriSign Microsoft Code-Signing Certificate Thawte login.live.com StartCom Breach (2008) CertStar (Comodo) Mozilla Certificate RapidSSL Rogue CA Certificate
Chosen-Prefix Collision Attack Construction of Colliding Certificates Predicting the Prefix What Happened Next
Comodo Resellers Breaches StartCom Breach (2011) DigiNotar
Public Discovery Fall of a Certification Authority Man-in-the-Middle Attacks ComodoHacker Claims Responsibility
DigiCert Sdn. Bhd. Flame
Flame against Windows Update Flame against Windows Terminal Services Flame against MD5
TURKTRUST ANSSI
5. HTTP and Browser Issues
Sidejacking Cookie Stealing Cookie Manipulation
Understanding HTTP Cookies Cookie Manipulation Attacks
Cookie Eviction Direct Cookie Injection Cookie Injection From Related Hostnames
Getting the First Cookie Overwriting Cookies Using Related Hostnames Overwriting Cookies Using Fake Related Hostnames
Impact Mitigation
SSL Stripping MITM Certificates Certificate Warnings
Why So Many Invalid Certificates? Effectiveness of Certificate Warnings Click-Through Warnings versus Exceptions Mitigation
Security Indicators Mixed Content
Root Causes Impact Browser Treatment Prevalence of Mixed Content Mitigation
Extended Validation Certificates Certificate Revocation
Inadequate Client-Side Support Key Issues with Revocation-Checking Standards Certificate Revocation Lists
Issues with CRL Size Client-Side Support for CRLs CRL Freshness
Online Certificate Status Protocol
OCSP Replay Attacks OCSP Response Suppression Client-Side OCSP Support Responder Availability and Performance
6. Implementation Issues
Certificate Validation Flaws
Library and Platform Validation Failures Application Validation Failures Hostname Validation Issues
Random Number Generation
Netscape Navigator (1994) Debian (2006) Insufficient Entropy on Embedded Devices
Heartbleed
Impact Mitigation
Protocol Downgrade Attacks
Rollback Protection in SSL 3 Interoperability Problems
Version Intolerance Extension Intolerance Other Interoperability Problems
Voluntary Protocol Downgrade Rollback Protection in TLS 1.0 and Better Attacking Voluntary Protocol Downgrade Modern Rollback Defenses
Truncation Attacks
Truncation Attack History Cookie Cutting
Deployment Weaknesses
Virtual Host Confusion TLS Session Cache Sharing
7. Protocol Attacks
Insecure Renegotiation
Why Was Renegotiation Insecure? Triggering the Weakness Attacks against HTTP
Execution of Arbitrary GET Requests Credentials Theft User Redirection Cross-Site Scripting
Attacks against Other Protocols Insecure Renegotiation Issues Introduced by Architecture Impact Mitigation Discovery and Remediation Timeline
BEAST
How the Attack Works
ECB Oracle CBC with Predictable IV Practical Attack
Client-Side Mitigation Server-Side Mitigation History Impact
Compression Side Channel Attacks
How the Compression Oracle Works History of Attacks CRIME
TIME BREACH Attack Details Impact against TLS Compression and SPDY Impact against HTTP Response Compression
Mitigation of Attacks against TLS and SPDY Mitigation of Attacks against HTTP Compression
Padding Oracle Attacks
What Is a Padding Oracle? Attacks against TLS Impact Mitigation
RC4 Weaknesses
Key Scheduling Weaknesses Early Single-Byte Biases Biases across the First 256 Bytes Double-Byte Biases Mitigation: RC4 versus BEAST and Lucky 13
Triple Handshake Attack
The Attack
Step 1: Unknown Key-Share Weakness Step 2: Full Synchronization Step 3: Impersonation
Impact Prerequisites Mitigation
Bullrun
Dual Elliptic Curve Deterministic Random Bit Generator
8. Deployment
Key
Key Algorithm Key Size Key Management
Certificate
Certificate Type Certificate Hostnames Certificate Sharing Signature Algorithm Certificate Chain Revocation Choosing the Right Certificate Authority
Protocol Configuration Cipher Suite Configuration
Server cipher suite preference Cipher Strength Forward Secrecy Performance Interoperability
Server Configuration and Architecture
Shared Environments Virtual Secure Hosting Session Caching Complex Architectures
Issue Mitigation
Renegotiation BEAST (HTTP) CRIME (HTTP) Lucky 13 RC4 TIME and BREACH (HTTP) Triple Handshake Attack Heartbleed
Pinning HTTP
Making Full Use of Encryption Cookie Security Backend Certificate and Hostname Validation HTTP Strict Transport Security Content Security Policy Protocol Downgrade Protection
9. Performance Optimization
Latency and Connection Management
TCP Optimization
Initial Congestion Window Tuning Preventing Slow Start When Idle
Connection Persistence SPDY, HTTP 2.0, and Beyond Content Delivery Networks
TLS Protocol Optimization
Key Exchange Certificates Revocation Checking Session Resumption Transport Overhead Symmetric Encryption TLS Record Buffering Latency Interoperability Hardware Acceleration
Denial of Service Attacks
Key Exchange and Encryption CPU Costs Client-Initiated Renegotiation Optimized TLS Denial of Service Attacks
10. HSTS, CSP, and Pinning
HTTP Strict Transport Security
Configuring HSTS Ensuring Hostname Coverage Cookie Security Attack Vectors Robust Deployment Checklist Browser Support Privacy Implications
Content Security Policy
Preventing Mixed Content Issues Policy Testing Reporting Browser Support
Pinning
What to Pin? Where to Pin? Should You Use Pinning? Pinning in Native Applications
Private Backends Public Backends
Chrome Public Key Pinning Microsoft Enhanced Mitigation Experience Toolkit Public Key Pinning Extension for HTTP
Reporting Deployment without Enforcement
DNS-Based Authentication of Named Entities (DANE)
DANE Use Cases Implementation
Certificate Usage Selector Matching Type Certificate Association Data
Deployment Application Support
Trust Assertions for Certificate Keys (TACK) Certification Authority Authorization
11. OpenSSL
Getting Started
Determine OpenSSL Version and Configuration Building OpenSSL Examine Available Commands Building a Trust Store
Conversion Using Perl Conversion Using Go
Key and Certificate Management
Key Generation Creating Certificate Signing Requests Creating CSRs from Existing Certificates Unattended CSR Generation Signing Your Own Certificates Creating Certificates Valid for Multiple Hostnames Examining Certificates Key and Certificate Conversion
PEM and DER Conversion PKCS#12 (PFX) Conversion PKCS#7 Conversion
Configuration
Cipher Suite Selection
Obtaining the List of Supported Suites Keywords Combining Keywords Building Cipher Suite Lists Keyword Modifiers
Sorting
Handling Errors Putting It All Together Recommended Configuration
Performance
Creating a Private Certification Authority
Features and Limitations Creating a Root CA
Root CA Configuration Root CA Directory Structure Root CA Generation Structure of the Database File Root CA Operations Create a Certificate for OCSP Signing
Creating a Subordinate CA
Subordinate CA Configuration Subordinate CA Generation Subordinate CA Operations
12. Testing with OpenSSL
Connecting to SSL Services Testing Protocols that Upgrade to SSL Using Different Handshake Formats Extracting Remote Certificates Testing Protocol Support Testing Cipher Suite Support Testing Servers that Require SNI Testing Session Reuse Checking OCSP Revocation Testing OCSP Stapling Checking CRL Revocation Testing Renegotiation Testing for the BEAST Vulnerability Testing for Heartbleed
13. Configuring Apache
Installing Apache with Static OpenSSL Enabling TLS Configuring TLS Protocol Configuring Keys and Certificates Configuring Multiple Keys Wildcard and Multisite Certificates Virtual Secure Hosting Reserving Default Sites for Error Messages Forward Secrecy OCSP Stapling
Configuring OCSP Stapling Handling Errors Using a Custom OCSP Responder
Configuring Ephemeral DH Key Exchange TLS Session Management
Standalone Session Cache Standalone Session Tickets Distributed Session Caching Distributed Session Tickets Disabling Session Tickets
Client Authentication Mitigating Protocol Issues
Insecure Renegotiation BEAST CRIME
Deploying HTTP Strict Transport Security Monitoring Session Cache Status Logging Negotiated TLS Parameters Advanced Logging with mod_sslhaf
14. Configuring Java and Tomcat
Java Cryptography Components
Strong and Unlimited Encryption Provider Configuration Features Overview Protocol Vulnerabilities Interoperability Issues Tuning via Properties Common Error Messages
Certificate Chain Issues Server Hostname Mismatch Client Diffie-Hellman Limitations Server Name Indication Intolerance Strict Secure Renegotiation Failures Protocol Negotiation Failure Handshake Format Incompatibility
Securing Java Web Applications
Enforcing Encryption Securing Web Application Cookies Securing Web Session Cookies Deploying HTTP Strict Transport Security Using Strong Protocols on the Client Side Revocation Checking
Common Keystore Operations
Keystore Layout Creating a Key and a Self-Signed Certificate Creating a Certificate Signing Request Importing Certificates Converting Existing Certificates Importing Client Root Certificates
Tomcat
Configuring TLS Handling
External TLS Termination
JSSE Configuration
Forward Secrecy Configuration with Java 8
APR and OpenSSL Configuration
Global OpenSSL Configuration
15. Configuring Microsoft Windows and IIS
Schannel
Features Overview Protocol Vulnerabilities Interoperability Issues
Microsoft Root Certificate Program
Managing System Trust Stores Importing a Trusted Certificate Blacklisting Trusted Certificates Disabling the Auto-Update of Root Certificates
Configuration
Schannel Configuration
Protocol Configuration Cipher Suite Algorithm Selection
Cipher Suite Configuration Key and Signature Restrictions
Using CertUtil to Manipulate Cryptographic Policy Recording Weak Certificate Chains Complete Policy Example
Configuring Renegotiation Configuring Session Caching Monitoring Session Caching FIPS 140-2
Configuring FIPS
Third-Party Utilities
Securing ASP.NET Web Applications
Enforcing SSL Usage Securing Cookies Securing Session Cookies and Forms Authentication Deploying HTTP Strict Transport Security
Internet Information Server
Managing Keys and Certificates
Creating a Custom IIS Management Console IIS Certificate Management Creating a Self-Signed Certificate Importing a Certificate Requesting Certificates from a Public CA Completing Certificate Signing Requests Configuring SSL Sites Advanced Options
16. Configuring Nginx
Installing Nginx with Static OpenSSL Enabling TLS Configuring TLS Protocol Configuring Keys and Certificates Configuring Multiple Keys Wildcard and Multisite Certificates Virtual Secure Hosting Reserving Default Sites for Error Messages Forward Secrecy OCSP Stapling
Configuring OCSP Stapling Using a Custom OCSP Responder Manual Configuration of OCSP Responses
Configuring Ephemeral DH Key Exchange Configuring Ephemeral ECDH Key Exchange TLS Session Management
Standalone Session Cache Standalone Session Tickets Distributed Session Cache Distributed Session Tickets Disabling Session Tickets
Client Authentication Mitigating Protocol Issues
Insecure Renegotiation BEAST CRIME
Deploying HTTP Strict Transport Security Tuning TLS Buffers Logging
17. Summary Index