Transport Layer Security

HTTP headers

HTTP Strict Transport Security (HSTS)

Response header (RFC 6797) by which a web site declares that it must only be reached over a secure connection; a user agent that has seen it rewrites plain http:// requests to https:// for the declared max-age period and treats certificate errors as fatal instead of click-through warnings. Users or preload lists can also pin a site as HSTS-only before it is ever visited
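
The header value that carries the policy is small but easy to get subtly wrong, and a user agent discards the whole field rather than repairing it. The following added example (not code from this page or from any project it links) parses a Strict-Transport-Security value by the directive grammar of RFC 6797 section 6.1, applies the user-agent rules that matter in practice (max-age is mandatory, duplicated directives invalidate the field, only the first such header in a response is honoured) and reports what a site scanner would flag against the hstspreload.org submission requirements. The sample header values inside are constructed for illustration.

```python
"""Parse and evaluate an HTTP Strict-Transport-Security header value.

Added example, not code from the page or from the projects it links.
Grammar: RFC 6797 section 6.1. Preload thresholds: hstspreload.org.
All header values used below are constructed samples.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# hstspreload.org requires at least one year; RFC 6797 itself only requires
# that max-age be present.
PRELOAD_MIN_MAX_AGE = 31536000

# Directive names must be RFC 7230 tokens.
_TOKEN = re.compile(r"^[!#$%&'*+\-.^_`|~0-9A-Za-z]+$")


class HstsError(ValueError):
    """Header value a conforming user agent must ignore (RFC 6797 8.1)."""


@dataclass
class HstsPolicy:
    max_age: int            # seconds the UA remembers the host as HTTPS-only
    include_subdomains: bool
    preload: bool


def parse_hsts(value: str) -> HstsPolicy:
    """Parse one header value, raising HstsError on anything a user agent
    rejects: missing/non-numeric max-age, a repeated directive, a malformed
    directive name. Names are case-insensitive; unknown directives are
    ignored, as the RFC requires."""
    seen = {}
    for raw in value.split(";"):
        part = raw.strip()
        if not part:
            continue                      # empty directives are permitted
        name, sep, val = part.partition("=")
        name = name.strip().lower()
        val = val.strip()
        if not _TOKEN.match(name):
            raise HstsError(f"malformed directive name in {part!r}")
        if name in seen:
            raise HstsError(f"directive {name!r} appears more than once")
        if sep and len(val) >= 2 and val[0] == val[-1] == '"':
            val = val[1:-1]               # directive-value may be a quoted-string
        seen[name] = val if sep else None
    if "max-age" not in seen:
        raise HstsError("max-age directive is required")
    max_age = seen["max-age"]
    if max_age is None or not max_age.isdigit():
        raise HstsError(f"max-age must be a non-negative integer, got {max_age!r}")
    return HstsPolicy(int(max_age), "includesubdomains" in seen, "preload" in seen)


def is_valid_hsts(value: str) -> bool:
    """True if a user agent would accept and store this policy."""
    try:
        parse_hsts(value)
        return True
    except HstsError:
        return False


def effective_hsts(headers: Sequence[Tuple[str, str]]) -> Optional[str]:
    """Value a user agent actually honours. RFC 6797 section 8.1: when a
    response carries several Strict-Transport-Security fields only the first
    is processed, so a stronger header appended by a proxy is ignored."""
    for name, value in headers:
        if name.lower() == "strict-transport-security":
            return value
    return None


def evaluate_hsts(value: str) -> List[str]:
    """Findings a scanner would report; an empty list means the policy is
    sound and meets the hstspreload.org requirements."""
    try:
        policy = parse_hsts(value)
    except HstsError as exc:
        return [f"invalid, user agents will ignore it: {exc}"]
    findings = []
    if policy.max_age == 0:
        findings.append("max-age=0 tells user agents to forget the host; HSTS is switched off")
    elif policy.max_age < PRELOAD_MIN_MAX_AGE:
        findings.append(f"max-age={policy.max_age} is below the one-year preload minimum")
    if not policy.include_subdomains:
        findings.append("includeSubDomains missing: subdomains, and cookies scoped to "
                        "them, stay reachable over plain HTTP")
    if not policy.preload:
        findings.append("preload missing: not eligible for the browser preload list")
    return findings


if __name__ == "__main__":
    # Constructed samples: one sound policy and four common mistakes.
    for sample in ["max-age=31536000; includeSubDomains; preload",
                   'MAX-AGE="604800"; includeSubDomains', "max-age=0",
                   "includeSubDomains", "max-age=10; max-age=20"]:
        print(f"{sample!r}: {evaluate_hsts(sample) or ['ok']}")
    proxied = [("Strict-Transport-Security", "max-age=300"),
               ("Strict-Transport-Security", "max-age=31536000; includeSubDomains; preload")]
    print("honoured:", effective_hsts(proxied))
```

When scanning a site, feed `effective_hsts` the raw header list rather than a dictionary: a dict keyed by header name keeps the last duplicate, which is exactly the one a browser ignores.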

Online Certificate Status Protocol (OCSP)

Protocol (RFC 6960) for asking a CA's responder whether one specific certificate has been revoked, instead of downloading and parsing the CA's full Certificate Revocation List (CRL); with OCSP stapling the server fetches the signed response itself and attaches it to the TLS handshake, so clients need not contact the responder

Resources

Is TLS Fast Yet?

Yes, yes it is

Let’s Encrypt

Free, automated, and open Certificate Authority

Security/Server Side TLS

Contains information on TLS protocols, known issues and vulnerabilities, configuration examples and testing tools

Weak Diffie-Hellman and the Logjam Attack

Research paper that uncovered several weaknesses in how Diffie-Hellman key exchange has been deployed, notably the downgrade to export-grade 512-bit groups and the widespread reuse of a few fixed 1024-bit groups

Test

Observatory (Python; CLI/Library/Web)

Project designed to help developers, system administrators, and security professionals configure their sites safely and securely

Qualys SSL Labs SSL Server Test (Web)

Performs a deep analysis of the configuration of any SSL web server on the public Internet

SSLyze (Python; CLI/Library)

Fast and powerful SSL/TLS server scanning library

testssl.sh (Bash; CLI)

Testing TLS/SSL encryption anywhere on any port