An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about TLS in Cybersecurity.
Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.
TLS encrypts communications between a client and server, primarily web browsers and web sites/applications. Specifically, TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet.
Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.
SSL (Secure Sockets Layer) encryption, and its more modern and secure replacement, TLS (Transport Layer Security) encryption, protect data sent over the internet or a computer network.
- TLS evolved from Secure Socket Layers (SSL) which was originally developed by Netscape Communications Corporation in 1994 to secure web sessions. SSL 1.0 was never publicly released, whilst SSL 2.0 was quickly replaced by SSL 3.0 on which TLS is based.
SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.
A website must have an SSL/TLS certificate for their web server/domain name to use SSL/TLS encryption. Once installed, the certificate enables the client and server to securely negotiate the level of encryption in the following steps:
-
- The client contacts the server using a secure URL (HTTPS…).
-
- The server sends the client its certificate and public key.
-
- The client verifies this with a Trusted Root Certification Authority to ensure the certificate is legitimate.
-
- The client and server negotiate the strongest type of encryption that each can support.
-
- The client encrypts a session (secret) key with the server’s public key, and sends it back to the server.
-
- The server decrypts the client communication with its private key, and the session is established.
-
- The session key (symmetric encryption) is now used to encrypt and decrypt data transmitted between the client and server. Both the client and server are now using HTTPS (SSL/TLS + HTTP) for their communication. Web browsers validate this with a lock icon in the browser address bar. HTTPS functions over Port 443.
Once you leave the website, those keys are discarded. On your next visit, a new handshake is negotiated, and a new set of keys are generated.
- Introduction
- SSL/TLS Protocol History
- SSL/TLS Hacks
- Some Open Source Implementations of SSL/TLS
- OpenSSL Version History
- Vulnerabilities
- Tools
- Glossary
- TLS General
- TLS Attacks
- PKIX
- SSL Interception
- Protocols
- SSL Labs Research
- License
| Protocol Name | Release Date | Author | RFC |
|---|---|---|---|
| SSL 1.0 | N/A | Netscape | N/A |
| SSL 2.0 | 1995 | Netscape | N/A |
| SSL 3.0 | 1996 | Netscape | N/A |
| TLS 1.0 | 1999-01 | IETF TLS Working Group | RFC 2246 |
| TLS 1.1 | 2006-04 | IETF TLS Working Group | RFC 4346 |
| TLS 1.2 | 2008-08 | IETF TLS Working Group | RFC 5246 |
| TLS 1.3 | 2018-08 | IETF TLS Working Group | RFC 8446 |
| Attack Name | Published Date | Affected Version | Paper |
|---|---|---|---|
| Bleichenbacher | 2003-09 | SSL 3.0 | Klima, Vlastimil, Ondrej Pokorný, and Tomáš Rosa. "Attacking RSA-based sessions in SSL/TLS." International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin, Heidelberg, 2003. |
| BEAST | 2011-05 | SSL 3.0, TLS 1.0 | Rizzo, Juliano, and Thai Duong. "Here come the xor ninjas." In Ekoparty Security Conference, 2011. |
| Lucky Thirteen | 2013-02 | SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 | Al Fardan, Nadhem J., and Kenneth G. Paterson. "Lucky thirteen: Breaking the TLS and DTLS record protocols." 2013 IEEE Symposium on Security and Privacy. IEEE, 2013. |
| POODLE | 2014-10 | SSL 3.0 | Möller, Bodo, Thai Duong, and Krzysztof Kotowicz. "This POODLE bites: exploiting the SSL 3.0 fallback." Security Advisory (2014). |
| DROWN | 2016-08 | SSL 2.0 | Aviram, Nimrod, et al. "DROWN: Breaking TLS Using SSLv2." 25th USENIX Security Symposium (USENIX Security 16). 2016. |
| Attack Name | Published Date | Paper |
|---|---|---|
| CRIME | 2012-09 | Rizzo, Juliano, and Thai Duong. "The CRIME attack." Ekoparty Security Conference. 2012. |
| TIME | 2013-03 | Be’ery, Tal, and Amichai Shulman. "A perfect CRIME? only TIME will tell." Black Hat Europe 2013 (2013). |
| BREACH | 2013-03 | Prado, A., N. Harris, and Y. Gluck. "The BREACH Attack." (2013). |
| Attack Name | Published Date | Paper |
|---|---|---|
| Adaptive chosen ciphertext attack | 1998-08 | Bleichenbacher, Daniel. "Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1." Annual International Cryptology Conference. Springer, Berlin, Heidelberg, 1998. |
| ROBOT | 2018-08 | Böck, Hanno, Juraj Somorovsky, and Craig Young. "Return Of Bleichenbacher’s Oracle Threat (ROBOT)." 27th USENIX Security Symposium (USENIX Security 18). 2018. |
| Implementation | Initial release | Developed by | Written in |
|---|---|---|---|
| NSS | 1998-03 | Mozilla, AOL, Red Hat, Sun, Oracle, Google and others | C, Assembly |
| OpenSSL | 1998-12 | OpenSSL Project | C, Assembly |
| GnuTLS | 2000-03 | GnuTLS Project | C |
| MatrixSSL | 2004-01 | PeerSec Networks | C |
| wolfSSL | 2006-02 | wolfSSL | C |
| MbedTLS | 2009-01 | Arm | C |
| BoringSSL | 2014-06 | C, C++, Go, Assembly | |
| s2n | 2014-06 | Amazon | C |
| LibreSSL | 2014-07 | OpenBSD Project | C, Assembly |
| Rustls | 2016-08 | Joseph Birr-Pixton etc. | Rust |
| Fizz | 2018-06 | C++ |
More information:
https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations
| Major version | Original release date | Last minor version | Last update date |
|---|---|---|---|
| 0.9.1 | 1998-12-23 | 0.9.1c | 1998-12-23 |
| 0.9.2 | 1999-03-22 | 0.9.2b | 1999-04-06 |
| 0.9.3 | 1999-05-25 | 0.9.3a | 1999-05-27 |
| 0.9.4 | 1999-08-09 | 0.9.4 | 1999-08-09 |
| 0.9.5 | 2000-02-28 | 0.9.5a | 2000-04-01 |
| 0.9.6 | 2000-09-24 | 0.9.6m | 2004-03-17 |
| 0.9.7 | 2002-12-31 | 0.9.7m | 2007-02-23 |
| 0.9.8 | 2005-07-05 | 0.9.8zh | 2015-12-03 |
| 1.0.0 | 2010-03-29 | 1.0.0t | 2015-12-03 |
| 1.0.1 | 2012-03-14 | 1.0.1u | 2016-09-22 |
| 1.0.2 | 2015-01-22 | 1.0.2u | 2019-12-20 |
| 1.1.0 | 2016-08-25 | 1.1.0l | 2019-09-10 |
| 1.1.1 | 2018-09-11 | 1.1.1l | 2021-08-24 |
| CVE-ID | Disclosure date | Type | Analysis |
|---|---|---|---|
| CVE-2019-3560 | 2019-02-26 | Server Side DoS | Facebook Fizz integer overflow vulnerability (CVE-2019-3560) |
| CVE-2019-11924 | 2019-08-09 | Server Side Memory Leak | Facebook Fizz memory leak vulnerability (CVE-2019-11924) reproduce and analysis |
tlsfuzzer
https://github.com/tomato42/tlsfuzzer
boofuzz
https://github.com/jtpereyda/boofuzz
Fuzzowski
https://github.com/nccgroup/fuzzowski
AFLNet
https://github.com/aflnet/aflnet
Python built-in TLS wrapper
https://docs.python.org/3.8/library/ssl.html
Go Package tls
https://golang.org/pkg/crypto/tls/
tlslite-ng: TLS implementation in pure python
https://github.com/tomato42/tlslite-ng
Scapy: the Python-based interactive packet manipulation program & library
https://github.com/secdev/scapy/
SSLyze: Fast and powerful SSL/TLS scanning library
https://github.com/nabla-c0d3/sslyze
testSSL: Testing TLS/SSL encryption
https://github.com/drwetter/testssl.sh
Qualys SSL Labs online tests
https://www.ssllabs.com/projects/index.html
The New Illustrated TLS Connection
https://tls13.ulfheim.net/
| Abbreviation | Explanation |
|---|---|
| SSL | Secure Sockets Layer |
| TLS | Transport Layer Security |
| IETF | Internet Engineering Task Force |
| POODLE | Padding Oracle On Downgrade Legacy Encryption |
| DROWN | Decrypting RSA using Obsolete and Weakened eNcryption |
| CRIME | Compression Ratio Info-leak Made Easy |
| TIME | Timing Info-leak Made Easy |
| BREACH | Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext |
| FREAK | Factoring RSA Export Keys |
tls - How does OCSP stapling work? - Information Security Stack Exchange. (2013)
ATTACKS ON SSL A COMPREHENSIVE STUDY OF BEAST, CRIME, TIME, BREACH, LUCK Y 13 & RC4 BIASES
Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457 (2015)
DROWN: Breaking TLS Using SSLv2 (DROWN, 2016)
Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing (2015)
All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS (RC4NOMORE, 2015)
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (LOGJAM, 2015)
A messy state of the union: Taming the composite state machines of TLS (2015)
Bar Mitzvah Attack: Breaking SSL with a 13-year old RC4 Weakness (2015)
This POODLE bites: exploiting the SSL 3.0 fallback (POODLE, 2014)
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols (Lucky13, 2013
SSL, gone in 30 seconds. Breach attack (BREACH,2013)
On the Security of RC4 in TLS (2013)
The CRIME Attack (CRIME, 2012)
Here come the ⊕ Ninjas (BEAST, 2011)
Java’s SSLSocket: How Bad APIs compromise security (2015)
A Survey on {HTTPS} Implementation by Android Apps: Issues and Countermeasures
Analysis of the HTTPS Certificate Ecosystem (2013)
Secure» in Chrome Browser Does Not Mean «Safe» (2017)
Overview of Symantec CA Issues (2014 (aprox) -2017)
Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates (Symantec, 2017)
Incidents involving the CA WoSign (WoSign, 2016)
Sustaining Digital Certificate Security (Symantec, 2015)
Improved Digital Certificate Security (Symantec, 2015)
TURKTRUST Unauthorized CA Certificates. (2013)
Flame malware collision attack explained (FLAME, 2012)
An update on attempted man-in-the-middle attacks (DIGINOTAR, 2011)
Detecting Certificate Authority compromises and web browser collusion (COMODO, 2011)
Certified lies: Detecting and defeating government interception attacks against ssl (2011)
The Security Impact of HTTPS Interception (2017)
US-CERT TA17-075A Https interception weakens internet security (2017)
Killed by Proxy: Analyzing Client-end TLS Interception Software (2016)
The Risks of SSL Inspection (2015)
TLS in the wild—An Internet-wide analysis of TLS-based protocols for electronic communication (2015)
The Matter of Heartbleed (2014)
How the NSA, and your boss, can intercept and break SSL (2013)
Komodia superfish ssl validation is broken (2015)
More TLS Man-in-the-Middle failures - Adguard, Privdog again and ProtocolFilters.dll (2015)
Software Privdog worse than Superfish (2015)
Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections (2015)
Qualys SSL Labs (local version)
Qualys SSL/TLS Deployment Best Practices
Mozilla's Recommendations for TLS Servers
IISCrypto: Tune up your Windows Server TLS configuration
bettercap - A complete, modular, portable and easily extensible MITM framework’
-
How Certificate Transparency Works - Certificate Transparency
-
Google Certificate Transparency (CT) to Expand to All Certificates Types (2016)
MIT License & cc license
This work is licensed under a Creative Commons Attribution 4.0 International License.
To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.