Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-tls-security
A collection of (not-so, yet) awesome resources related to TLS, PKI and related stuff
https://github.com/edelahozuah/awesome-tls-security
Last synced: 5 days ago
Trends
Pervasive Monitoring
Certificates / PKIX
- Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280
- Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). RFC 6125
- tls - How does OCSP stapling work? - Information Security Stack Exchange. (2013)
Attacks on TLS
Overview
Recent Attacks
- On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN (SWEET32, 2016)
- Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457 (2015)
- DROWN: Breaking TLS Using SSLv2 (DROWN, 2016)
- Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing (2015)
- All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS (RC4NOMORE, 2015)
- Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (LOGJAM, 2015)
- A messy state of the union: Taming the composite state machines of TLS (2015)
- Bar Mitzvah Attack: Breaking SSL with a 13-year old RC4 Weakness (2015)
- This POODLE bites: exploiting the SSL 3.0 fallback (POODLE, 2014)
- Lucky Thirteen: Breaking the TLS and DTLS Record Protocols (Lucky13, 2013)
- SSL, gone in 30 seconds. Breach attack (BREACH, 2013)
- On the Security of RC4 in TLS (2013)
- The CRIME Attack (CRIME, 2012)
- Here come the ⊕ Ninjas (BEAST, 2011)
Software Vulnerabilities
PKIX
Software Vulnerabilities
Incidents
- «Secure» in Chrome Browser Does Not Mean «Safe» (2017)
- Overview of Symantec CA Issues (2014 (approx.) - 2017)
- Sustaining Digital Certificate Security (Symantec, 2015)
- Improved Digital Certificate Security (Symantec, 2015)
- TURKTRUST Unauthorized CA Certificates. (2013)
- Flame malware collision attack explained (FLAME, 2012)
- An update on attempted man-in-the-middle attacks (DIGINOTAR, 2011)
- Detecting Certificate Authority compromises and web browser collusion (COMODO, 2011)
- A complete study of P.K.I. (PKI’s Known Incidents) (2019)
SSL Interception
Remarkable works
- Certified lies: Detecting and defeating government interception attacks against ssl (2011)
- How the NSA, and your boss, can intercept and break SSL (2013)
- The Matter of Heartbleed (2014)
- TLS interception considered harmful: How Man-in-the-Middle filtering solutions harm the security of HTTPS (2015)
- The Risks of SSL Inspection (2015)
- The Security Impact of HTTPS Interception (2017)
- US-CERT TA17-075A Https interception weakens internet security (2017)
- Killed by Proxy: Analyzing Client-end TLS Interception Software (2016)
- Understanding the prevalence of web traffic interception (2017)
SSL Interception-related Incidents
- Komodia superfish ssl validation is broken (2015)
- More TLS Man-in-the-Middle failures - Adguard, Privdog again and ProtocolFilters.dll (2015)
- Software Privdog worse than Superfish (2015)
- Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections (2015)
- How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security (2015)
Tools
Protocols
TLS 1.3
UTA (Use TLS in Applications) IETF WG
Strict Transport Security (STS)
HPKP
Certificate Transparency
CAA
DANE and DNSSEC