Latest revision as of 10:52, 19 November 2015

Purpose

The SSL/TLS Knowledge Center serves as a central point to provide references to SSL/TLS. This is a community driven page. Please contribute by adding links or requests for links.

Resources

OWASP Resources

Transport_Layer_Protection_Cheat_Sheet - OWASP SSL/TLS Cheat Sheet

Testing for SSL-TLS

Guide to Cryptography

Articles & Blogs

STS in No Script - How to enable STS support within No Script plugin

HTTPS Data Exposure - HTTPS data exposure comparison for GET and POST

SSL Server Rating Guide - SSL Labs guide providing information on correct configuration of SSL. Focuses mainly at the network layer

Online Tools

SSL Labs - Online tool to verify SSL/TLS certificate and configuration.

High-Tech Bridge - Online tool to verify SSL/TLS compliance with NIST SP 800-52 guidelines and PCI DSS requirements.

NIST Guides

SP 800-52 Guidelines for the selection and use of transport layer security (TLS) Implementations

FIPS 140-2 Security Requirements for Cryptographic Modules

Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program

SP 800-57 Recommendation for Key Management, Revision 2

SP 800-95 Guide to Secure Web Services

Specs

Strict Transport Security Spec - Specification for STS which allows a website to instruct the browser to not send requests to the web server over non-TLS channels.

RFC 3280 Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile

RFC 4346 The Transport Layer Security (TLS) Protocol Version 1.1

Needed

Guides for configuring SSL/TLS cipher support in common web servers

References to current SSL/TLS RFC specs

More entries to this "Needed" list

Anything else that would be helpful related to SSL/TLS