IPv6-Labor

Benutzer-Werkzeuge

Webseiten-Werkzeuge

Zuletzt angesehen:
sec:tls

Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen RevisionVorhergehende Überarbeitung
Nächste Überarbeitung		Vorhergehende Überarbeitung
sec:tls [2017/03/25 07:26] – [Links:] adminsec:tls [2024/04/01 14:04] (aktuell) – [Analyse des Protokolls:] admin
Zeile 1: Zeile 1:
 ====== Transport Layer Security (TLS) ====== ====== Transport Layer Security (TLS) ======
  
 +  * [[https://youtu.be/Ikv2G2Zm01s|IXIA: Understanding TLS 1.3]]
 +  * [[https://media.defense.gov/2021/Jan/05/2002560140/-1/-1/0/ELIMINATING_OBSOLETE_TLS_UOO197443-20.PDF|NSA: Eliminating Obsolete Transport Layer Security (TLS) Protocol Configurations]]
 +===== Analyse des Protokolls: =====
  
-===== Links=====+  * http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html 
 +  * https://www.cloudflare.com/de-de/learning/ssl/what-happens-in-a-tls-handshake/ 
 +  * http://blog.fourthbit.com/2014/12/23/traffic-analysis-of-an-ssl-slash-tls-session 
 +  * https://albertx.mx/https-connections-browsers/ 
 +  * https://albertx.mx/https-handshake/
  
-http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html+<code bash> 
 +openssl s_client -state -connect google.de:443 
 +# danach 
 +GET HTTP/1.1 
 +Host: www.google.de 
 +</code>
  
-https://wiki.wireshark.org/SSL +===== Wireshark-Tipps: ===== 
- +  * https://wiki.wireshark.org/SSL 
- +  * https://jimshaver.net/2015/02/11/decrypting-tls-browser-traffic-with-wireshark-the-easy-way/ 
-=== Testservices ===+  * https://lekensteyn.nl/files/wireshark-ssl-decryption.pdf 
 +  * https://osqa-ask.wireshark.org/questions/24489/ssl-handshake-certificate-hidden 
 +===== Testservices =====
  
   * https://www.ssllabs.com/ssltest/   * https://www.ssllabs.com/ssltest/
 +  * https://securityheaders.io
 +  * https://observatory.mozilla.org
 +  * [[https://www.sslshopper.com/certificate-decoder.html|Certificate Decoder]]
  
-=== Web-Security ===+==== Webserver Configuration ==== 
 +  * [[https://mozilla.github.io/server-side-tls/ssl-config-generator/|Mozilla SSL Configuration Generator]] 
 +  * https://scaron.info/blog/improve-your-nginx-ssl-configuration.html 
 + 
 +==== Web-Security ====
   * https://webmasters.googleblog.com/2017/03/nohacked-year-in-review.html   * https://webmasters.googleblog.com/2017/03/nohacked-year-in-review.html
-  * https://securityheaders.io+  * [[https://medium.com/square-corner-blog/content-security-policy-for-single-page-web-apps-78f2b2cf1757#.a58mifv6v|Content Security Policy for Single Page Web Apps]] 
 + 
 +===== OpenSSL ===== 
 + 
 +**''.cer''** oder  **''.crt''** Dateien speichern X.509 Zertifikate in **DER** oder **BASE-64** (PEM) encoding. 
 + 
 +Anzeige eines PEM (Base-64)-kodierten SSL Zertifikats: 
 +<code bash> 
 +openssl x509 -text -noout -in certificate.pem  
 +</code> 
 + 
 +Anzeige eines binären DER-kodierten SSL Zertifikats: 
 +<code bash> 
 +openssl x509 -text -noout -in certificate.der -inform DER 
 +</code> 
 + 
 +Umwandlung eines DER-kodierten Zertifikats in BASE-64 Kodierung 
 +<code bash> 
 +openssl x509 -inform DER -in certificate.cer -out certificate.pem 
 +</code> 
 +==== Set up your own Certificate Authority (CA) ==== 
 + 
 +  * https://jamielinux.com/docs/openssl-certificate-authority/index.html 
 +  * https://www.phildev.net/ssl/ 
 + 
 +==== Certificate Enrolment ==== 
 + 
 +  * https://tools.ietf.org/html/draft-gutmann-scep-10 
 + 
 +==== Certificate Management ==== 
 +  * https://github.com/hashicorp/vault 
 +  * https://news.ycombinator.com/item?id=14321498
sec/tls.1490426767.txt.gz · Zuletzt geändert: 2017/03/25 07:26 von admin