cybersecurity-tls-security
cybersecurity-tls-security copied to clipboard
A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about SSL / TLS
Transport Layer Security (TLS): Theory, Techniques, and Tools
An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about TLS in Cybersecurity.
Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.
What is TLS?
TLS encrypts communications between a client and server, primarily web browsers and web sites/applications. Specifically, TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet.
Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence.
SSL (Secure Sockets Layer) encryption, and its more modern and secure replacement, TLS (Transport Layer Security) encryption, protect data sent over the internet or a computer network.
- TLS evolved from Secure Socket Layers (SSL) which was originally developed by Netscape Communications Corporation in 1994 to secure web sessions. SSL 1.0 was never publicly released, whilst SSL 2.0 was quickly replaced by SSL 3.0 on which TLS is based.
How Does SSL/TLS Encryption Work?
SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.
A website must have an SSL/TLS certificate for their web server/domain name to use SSL/TLS encryption. Once installed, the certificate enables the client and server to securely negotiate the level of encryption in the following steps:
-
- The client contacts the server using a secure URL (HTTPS…).
-
- The server sends the client its certificate and public key.
-
- The client verifies this with a Trusted Root Certification Authority to ensure the certificate is legitimate.
-
- The client and server negotiate the strongest type of encryption that each can support.
-
- The client encrypts a session (secret) key with the server’s public key, and sends it back to the server.
-
- The server decrypts the client communication with its private key, and the session is established.
-
- The session key (symmetric encryption) is now used to encrypt and decrypt data transmitted between the client and server. Both the client and server are now using HTTPS (SSL/TLS + HTTP) for their communication. Web browsers validate this with a lock icon in the browser address bar. HTTPS functions over Port 443.
Once you leave the website, those keys are discarded. On your next visit, a new handshake is negotiated, and a new set of keys are generated.
Table of Contents
- Introduction
- SSL/TLS Protocol History
-
SSL/TLS Hacks
-
Cryptographic Issues
- CBC Issues
- RC4 Issues
- Compression Issues
- RSA Issues
- Implementation Issues
-
Cryptographic Issues
- Some Open Source Implementations of SSL/TLS
- OpenSSL Version History
-
Vulnerabilities
- Fizz Vulnerabilities
- OpenSSL Vulnerabilities
-
Tools
- Fuzzing
- Programing
- Scanning
- Others
- Glossary
- TLS General
- TLS Attacks
- PKIX
- SSL Interception
- Protocols
- SSL Labs Research
- License
SSL/TLS Protocol History
Protocol Name | Release Date | Author | RFC |
---|---|---|---|
SSL 1.0 | N/A | Netscape | N/A |
SSL 2.0 | 1995 | Netscape | N/A |
SSL 3.0 | 1996 | Netscape | N/A |
TLS 1.0 | 1999-01 | IETF TLS Working Group | RFC 2246 |
TLS 1.1 | 2006-04 | IETF TLS Working Group | RFC 4346 |
TLS 1.2 | 2008-08 | IETF TLS Working Group | RFC 5246 |
TLS 1.3 | 2018-08 | IETF TLS Working Group | RFC 8446 |
SSL/TLS Hacks
Cryptographic Issues
CBC Issues
Attack Name | Published Date | Affected Version | Paper |
---|---|---|---|
Bleichenbacher | 2003-09 | SSL 3.0 | Klima, Vlastimil, Ondrej Pokorný, and Tomáš Rosa. "Attacking RSA-based sessions in SSL/TLS." International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin, Heidelberg, 2003. |
BEAST | 2011-05 | SSL 3.0, TLS 1.0 | Rizzo, Juliano, and Thai Duong. "Here come the xor ninjas." In Ekoparty Security Conference, 2011. |
Lucky Thirteen | 2013-02 | SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 | Al Fardan, Nadhem J., and Kenneth G. Paterson. "Lucky thirteen: Breaking the TLS and DTLS record protocols." 2013 IEEE Symposium on Security and Privacy. IEEE, 2013. |
POODLE | 2014-10 | SSL 3.0 | Möller, Bodo, Thai Duong, and Krzysztof Kotowicz. "This POODLE bites: exploiting the SSL 3.0 fallback." Security Advisory (2014). |
DROWN | 2016-08 | SSL 2.0 | Aviram, Nimrod, et al. "DROWN: Breaking TLS Using SSLv2." 25th USENIX Security Symposium (USENIX Security 16). 2016. |
RC4 Issues
Compression Issues
Attack Name | Published Date | Paper |
---|---|---|
CRIME | 2012-09 | Rizzo, Juliano, and Thai Duong. "The CRIME attack." Ekoparty Security Conference. 2012. |
TIME | 2013-03 | Be’ery, Tal, and Amichai Shulman. "A perfect CRIME? only TIME will tell." Black Hat Europe 2013 (2013). |
BREACH | 2013-03 | Prado, A., N. Harris, and Y. Gluck. "The BREACH Attack." (2013). |
RSA Issues
Attack Name | Published Date | Paper |
---|---|---|
Adaptive chosen ciphertext attack | 1998-08 | Bleichenbacher, Daniel. "Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1." Annual International Cryptology Conference. Springer, Berlin, Heidelberg, 1998. |
ROBOT | 2018-08 | Böck, Hanno, Juraj Somorovsky, and Craig Young. "Return Of Bleichenbacher’s Oracle Threat (ROBOT)." 27th USENIX Security Symposium (USENIX Security 18). 2018. |
Implementation Issues
Some Open Source Implementations of SSL/TLS
Implementation | Initial release | Developed by | Written in |
---|---|---|---|
NSS | 1998-03 | Mozilla, AOL, Red Hat, Sun, Oracle, Google and others | C, Assembly |
OpenSSL | 1998-12 | OpenSSL Project | C, Assembly |
GnuTLS | 2000-03 | GnuTLS Project | C |
MatrixSSL | 2004-01 | PeerSec Networks | C |
wolfSSL | 2006-02 | wolfSSL | C |
MbedTLS | 2009-01 | Arm | C |
BoringSSL | 2014-06 | C, C++, Go, Assembly | |
s2n | 2014-06 | Amazon | C |
LibreSSL | 2014-07 | OpenBSD Project | C, Assembly |
Rustls | 2016-08 | Joseph Birr-Pixton etc. | Rust |
Fizz | 2018-06 | C++ |
More information:
https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations
OpenSSL Version History
Major version | Original release date | Last minor version | Last update date |
---|---|---|---|
0.9.1 | 1998-12-23 | 0.9.1c | 1998-12-23 |
0.9.2 | 1999-03-22 | 0.9.2b | 1999-04-06 |
0.9.3 | 1999-05-25 | 0.9.3a | 1999-05-27 |
0.9.4 | 1999-08-09 | 0.9.4 | 1999-08-09 |
0.9.5 | 2000-02-28 | 0.9.5a | 2000-04-01 |
0.9.6 | 2000-09-24 | 0.9.6m | 2004-03-17 |
0.9.7 | 2002-12-31 | 0.9.7m | 2007-02-23 |
0.9.8 | 2005-07-05 | 0.9.8zh | 2015-12-03 |
1.0.0 | 2010-03-29 | 1.0.0t | 2015-12-03 |
1.0.1 | 2012-03-14 | 1.0.1u | 2016-09-22 |
1.0.2 | 2015-01-22 | 1.0.2u | 2019-12-20 |
1.1.0 | 2016-08-25 | 1.1.0l | 2019-09-10 |
1.1.1 | 2018-09-11 | 1.1.1l | 2021-08-24 |
Vulnerabilities
Fizz Vulnerabilities
CVE-ID | Disclosure date | Type | Analysis |
---|---|---|---|
CVE-2019-3560 | 2019-02-26 | Server Side DoS | Facebook Fizz integer overflow vulnerability (CVE-2019-3560) |
CVE-2019-11924 | 2019-08-09 | Server Side Memory Leak | Facebook Fizz memory leak vulnerability (CVE-2019-11924) reproduce and analysis |
OpenSSL Vulnerabilities
Tools
Fuzzing
tlsfuzzer
https://github.com/tomato42/tlsfuzzer
boofuzz
https://github.com/jtpereyda/boofuzz
Fuzzowski
https://github.com/nccgroup/fuzzowski
AFLNet
https://github.com/aflnet/aflnet
Programing
Python built-in TLS wrapper
https://docs.python.org/3.8/library/ssl.html
Go Package tls
https://golang.org/pkg/crypto/tls/
tlslite-ng: TLS implementation in pure python
https://github.com/tomato42/tlslite-ng
Scapy: the Python-based interactive packet manipulation program & library
https://github.com/secdev/scapy/
Scanning
SSLyze: Fast and powerful SSL/TLS scanning library
https://github.com/nabla-c0d3/sslyze
testSSL: Testing TLS/SSL encryption
https://github.com/drwetter/testssl.sh
Qualys SSL Labs online tests
https://www.ssllabs.com/projects/index.html
Others
The New Illustrated TLS Connection
https://tls13.ulfheim.net/
Glossary
Abbreviation | Explanation |
---|---|
SSL | Secure Sockets Layer |
TLS | Transport Layer Security |
IETF | Internet Engineering Task Force |
POODLE | Padding Oracle On Downgrade Legacy Encryption |
DROWN | Decrypting RSA using Obsolete and Weakened eNcryption |
CRIME | Compression Ratio Info-leak Made Easy |
TIME | Timing Info-leak Made Easy |
BREACH | Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext |
FREAK | Factoring RSA Export Keys |
TLS General
Trends
Pervasive Monitoring
Certificates / PKIX
tls - How does OCSP stapling work? - Information Security Stack Exchange. (2013)
TLS Attacks
Overview
ATTACKS ON SSL A COMPREHENSIVE STUDY OF BEAST, CRIME, TIME, BREACH, LUCK Y 13 & RC4 BIASES
Recent Attacks
TLS/SSL
Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457 (2015)
DROWN: Breaking TLS Using SSLv2 (DROWN, 2016)
Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing (2015)
All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS (RC4NOMORE, 2015)
Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (LOGJAM, 2015)
A messy state of the union: Taming the composite state machines of TLS (2015)
Bar Mitzvah Attack: Breaking SSL with a 13-year old RC4 Weakness (2015)
This POODLE bites: exploiting the SSL 3.0 fallback (POODLE, 2014)
Lucky Thirteen: Breaking the TLS and DTLS Record Protocols (Lucky13, 2013
SSL, gone in 30 seconds. Breach attack (BREACH,2013)
On the Security of RC4 in TLS (2013)
The CRIME Attack (CRIME, 2012)
Here come the ⊕ Ninjas (BEAST, 2011)
Software Vulnerabilities
Java’s SSLSocket: How Bad APIs compromise security (2015)
A Survey on {HTTPS} Implementation by Android Apps: Issues and Countermeasures
PKIX
Analysis of the HTTPS Certificate Ecosystem (2013)
Incidents
Secure» in Chrome Browser Does Not Mean «Safe» (2017)
Overview of Symantec CA Issues (2014 (aprox) -2017)
Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates (Symantec, 2017)
Incidents involving the CA WoSign (WoSign, 2016)
Sustaining Digital Certificate Security (Symantec, 2015)
Improved Digital Certificate Security (Symantec, 2015)
TURKTRUST Unauthorized CA Certificates. (2013)
Flame malware collision attack explained (FLAME, 2012)
An update on attempted man-in-the-middle attacks (DIGINOTAR, 2011)
Detecting Certificate Authority compromises and web browser collusion (COMODO, 2011)
SSL Interception
Remarkable works
Certified lies: Detecting and defeating government interception attacks against ssl (2011)
The Security Impact of HTTPS Interception (2017)
US-CERT TA17-075A Https interception weakens internet security (2017)
Killed by Proxy: Analyzing Client-end TLS Interception Software (2016)
The Risks of SSL Inspection (2015)
TLS in the wild—An Internet-wide analysis of TLS-based protocols for electronic communication (2015)
The Matter of Heartbleed (2014)
How the NSA, and your boss, can intercept and break SSL (2013)
SSL Interception-related Incidents
Komodia superfish ssl validation is broken (2015)
More TLS Man-in-the-Middle failures - Adguard, Privdog again and ProtocolFilters.dll (2015)
Software Privdog worse than Superfish (2015)
Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections (2015)
Tools
TLS Audit
Online
Local
Qualys SSL Labs (local version)
Sysadmins
Qualys SSL/TLS Deployment Best Practices
Mozilla's Recommendations for TLS Servers
IISCrypto: Tune up your Windows Server TLS configuration
MITM
bettercap - A complete, modular, portable and easily extensible MITM framework’
Protocols
UTA (Use TLS in Applications) IETF WG
Strict Transport Security (STS)
HPKP
Certificate Transparency
-
How Certificate Transparency Works - Certificate Transparency
-
Google Certificate Transparency (CT) to Expand to All Certificates Types (2016)
CAA
DANE and DNSSEC
SSL / TLS Best Practices
^ back to top ^
License
MIT License & cc license
This work is licensed under a Creative Commons Attribution 4.0 International License.
To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.