This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

SSL TLS Knowledge Center

Jump to: navigation, search


The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS. This is a community driven page. Please contribute by adding links or requests for links.


OWASP Resources

Transport_Layer_Protection_Cheat_Sheet - OWASP SSL/TLS Cheat Sheet

Testing for SSL-TLS

Guide to Cryptography

Articles & Blogs

STS in No Script - How to enable STS support within No Script plugin

HTTPS Data Exposure - HTTPS data exposure comparison for GET and POST

SSL Server Rating Guide - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer

Online Tools

SSL Labs - Online tool to verify SSL/TLS certificate and configuration.

High-Tech Bridge - Online tool to verify SSL/TLS compliance with NIST SP 800-52 guidelines and PCI DSS requirements.

NIST Guides

SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations

FIPS 140-2 Security Requirements for Cryptographic Modules

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program

SP 800-57 Recommendation for Key Management, Revision 2

SP 800-95 Guide to Secure Web Services


Strict Transport Security Spec - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels.

RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1


Guides for configuring SSL/TLS cipher support in common web servers

References to current SSL/TLS RFC specs

More entries to this "Needed" list

Anything else that would be helpful related to SSL/TLS