SSL/TLS


SSL and TLS are cryptographic 🔒 protocols used to securely transfer data. They are used to secure many protocols such as HTTP (HTTPS), SMTP (SMTPS), FTP (FTPS)... that were sending data as plaintext 🔥.

SSL (1.0, 2.0, and 3.0) is deprecated in favor of the more secure TLS. TLS versions 1.0 and 1.1 are deprecated too, while 1.2 is mostly used for backward compatibility, and 1.3 is the current recommended version.

SSL is often used interchangeably with TLS, even though they are different protocols.
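Added example (not from the original notes): on the wire, a TLS 1.3 ServerHello still carries the TLS 1.2 code in its legacy version field and puts the real version in the `supported_versions` extension, so a check for the deprecated versions listed above has to parse that extension. The function names and the constructed sample record are assumptions made for this example.

```python
import struct

# Wire version code -> (name, status); statuses follow the notes above.
VERSIONS = {
    0x0300: ("SSL 3.0", "deprecated"),
    0x0301: ("TLS 1.0", "deprecated"),
    0x0302: ("TLS 1.1", "deprecated"),
    0x0303: ("TLS 1.2", "backward compatibility"),
    0x0304: ("TLS 1.3", "recommended"),
}
SUPPORTED_VERSIONS = 43  # extension type holding the real version in TLS 1.3

def negotiated_version(record):
    """Return (name, status) for the version a ServerHello record selects."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    body = record[5:5 + int.from_bytes(record[3:5], "big")]
    if len(body) < 4 or body[0] != 0x02:
        raise ValueError("not a ServerHello")
    hs_len = int.from_bytes(body[1:4], "big")
    hello = body[4:4 + hs_len]
    if len(hello) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    version = int.from_bytes(hello[:2], "big")  # legacy_version field
    pos = 34                                    # past version + 32-byte random
    pos += 1 + hello[pos] + 3                   # session_id, cipher suite, compression
    if pos > len(hello):
        raise ValueError("truncated ServerHello")
    if pos + 2 <= len(hello):                   # extensions are optional
        end = pos + 2 + int.from_bytes(hello[pos:pos + 2], "big")
        if end > len(hello):
            raise ValueError("truncated extensions")
        pos += 2
        while pos + 4 <= end:
            etype, elen = struct.unpack("!HH", hello[pos:pos + 4])
            if pos + 4 + elen > end:
                raise ValueError("truncated extension")
            if etype == SUPPORTED_VERSIONS and elen == 2:
                version = int.from_bytes(hello[pos + 4:pos + 6], "big")
            pos += 4 + elen
    return VERSIONS.get(version, (f"unknown 0x{version:04x}", "unknown"))

def sample_server_hello(legacy, selected=None):
    """Build a constructed (not captured) ServerHello record for testing."""
    hello = struct.pack("!H", legacy) + bytes(32) + b"\x00" + b"\x00\x00" + b"\x00"
    if selected is not None:  # 6-byte extension block: type 43, length 2, version
        hello += struct.pack("!HHHH", 6, SUPPORTED_VERSIONS, 2, selected)
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", legacy, len(handshake)) + handshake
```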

Cryptography 🔑: SSL/TLS use an asymmetric algorithm to exchange a temporary symmetric key that they will use to exchange messages.

SSL/TLS use a certificate that lets a client verify the authenticity of the other party. The other party wraps their public key and some of their information in a Certificate Signing Request (CSR).

They send the CSR to a Certificate Authority (CA) 🏒, a third party trusted by the client, which issues the certificate.

There are 3 categories of certificates: EV, OV, and DV.


Tools

Find certificates given a domain

Examine the SSL configuration

$ sslscan URL

👻 To-do 👻

Stuff that I found, but never read/used yet.

  • CertDB
  • SSLMate
  • Monitor > Renew certificate > Avoid expired problems
  • Let's encrypt notes in Web
  • SSL decryption
  • SSL hijacking
  • HTTPS spoofing
  • SSL stripping