Revision as of 18:20, 6 January 2010

Purpose

The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS.

Resources

Transport_Layer_Protection_Cheat_Sheet - OWASP SSL/TLS Cheat Sheet

Testing for SSL-TLS, and OWASP Guide to Cryptography

Strict Transport Security Spec - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels.

STS in No Script - [BlogPost] How to enable STS support within No Script plugin

HTTPS Data Exposure - [BlogPost] HTTPS data exposure comparison for GET and POST

SSL Server Rating Guide - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer

SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations

FIPS 140-2 Security Requirements for Cryptographic Modules

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program

SP 800-57 Recommendation for Key Management, Revision 2

SP 800-95 Guide to Secure Web Services

RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1

Needed

Guides for configuring SSL/TLS cipher support in common web servers

References to current SSL/TLS RFC specs

Eventually we'll need some sort of organization or grouping. We'll address that as it grows and a system makes sense.

More entries to the "Needed" list

Anything else that would be helpful related to SSL/TLS