This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org
Difference between revisions of "SSL TLS Knowledge Center"
(→Resources) |
(→Resources) |
||
| Line 3: | Line 3: | ||
=Resources= | =Resources= | ||
| + | |||
[[Transport_Layer_Protection_Cheat_Sheet]] - OWASP SSL/TLS Cheat Sheet | [[Transport_Layer_Protection_Cheat_Sheet]] - OWASP SSL/TLS Cheat Sheet | ||
[[Testing for SSL-TLS (OWASP-CM-001)|Testing for SSL-TLS]], and OWASP [[Guide to Cryptography]] | [[Testing for SSL-TLS (OWASP-CM-001)|Testing for SSL-TLS]], and OWASP [[Guide to Cryptography]] | ||
| − | |||
| − | |||
[http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/ STS in No Script] - [BlogPost] How to enable STS support within No Script plugin | [http://hackademix.net/2009/09/23/strict-transport-security-in-noscript/ STS in No Script] - [BlogPost] How to enable STS support within No Script plugin | ||
| Line 14: | Line 13: | ||
[https://www.ssllabs.com/projects/rating-guide/index.html SSL Server Rating Guide] - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer | [https://www.ssllabs.com/projects/rating-guide/index.html SSL Server Rating Guide] - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer | ||
| + | |||
| + | == NIST Guides == | ||
[http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations] | [http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations] | ||
| Line 24: | Line 25: | ||
[http://csrc.nist.gov/publications/drafts.html#sp800-95 SP 800-95 Guide to Secure Web Services] | [http://csrc.nist.gov/publications/drafts.html#sp800-95 SP 800-95 Guide to Secure Web Services] | ||
| + | |||
| + | == Specs == | ||
| + | [http://lists.w3.org/Archives/Public/www-archive/2009Sep/att-0051/draft-hodges-strict-transport-sec-05.plain.html Strict Transport Security Spec] - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels. | ||
[http://www.ietf.org/rfc/rfc3280.txt RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile] | [http://www.ietf.org/rfc/rfc3280.txt RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile] | ||
Revision as of 18:21, 6 January 2010
Purpose
The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS.
Resources
Transport_Layer_Protection_Cheat_Sheet - OWASP SSL/TLS Cheat Sheet
Testing for SSL-TLS, and OWASP Guide to Cryptography
STS in No Script - [BlogPost] How to enable STS support within No Script plugin
HTTPS Data Exposure - [BlogPost] HTTPS data exposure comparison for GET and POST
SSL Server Rating Guide - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer
NIST Guides
SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations
FIPS 140-2 Security Requirements for Cryptographic Modules
Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program
SP 800-57 Recommendation for Key Management, Revision 2
SP 800-95 Guide to Secure Web Services
Specs
Strict Transport Security Spec - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels.
RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1
Needed
Guides for configuring SSL/TLS cipher support in common web servers
References to current SSL/TLS RFC specs
Eventually we'll need some sort of organization or grouping. We'll address that as it grows and a system makes sense.
More entries to the "Needed" list
Anything else that would be helpful related to SSL/TLS
