欢迎大家赞助一杯啤酒🍺 我们准备了下酒菜:Formal mathematics/Isabelle/ML, Formal verification/Coq/ACL2, C++/F#/Lisp
TLS
来自开放百科 - 灰狐
(版本间的差异)
小 (→协议) |
小 (→项目) |
||
| (未显示1个用户的35个中间版本) | |||
| 第1行: | 第1行: | ||
{{SeeWikipedia|Transport Layer Security}} | {{SeeWikipedia|Transport Layer Security}} | ||
| + | TLS/SSL | ||
| + | |||
| + | ==简介== | ||
Transport Layer Security (TLS) 和它的前任 Secure Sockets Layer (SSL) | Transport Layer Security (TLS) 和它的前任 Secure Sockets Layer (SSL) | ||
安全套接层(Secure Sockets Layer,SSL)是网景公司(Netscape)在推出Web浏览器首版的同时,提出的协议。SSL采用公开密钥技术,保证两个应用间通信的保密性和可靠性,使客户与服务器应用之间的通信不被攻击者窃听。可在服务器和客户机两端同时实现支持,目前已成为互联网上保密通讯的工业标准,现行Web浏览器亦普遍将Http和SSL相结合,从而实现安全通信。此协议和其继任者传输层安全(Transport Layer Security,TLS)是为网络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。 | 安全套接层(Secure Sockets Layer,SSL)是网景公司(Netscape)在推出Web浏览器首版的同时,提出的协议。SSL采用公开密钥技术,保证两个应用间通信的保密性和可靠性,使客户与服务器应用之间的通信不被攻击者窃听。可在服务器和客户机两端同时实现支持,目前已成为互联网上保密通讯的工业标准,现行Web浏览器亦普遍将Http和SSL相结合,从而实现安全通信。此协议和其继任者传输层安全(Transport Layer Security,TLS)是为网络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。 | ||
| + | |||
| + | [[文件:TLS-ECDHE-RSA-with-AES.png]] | ||
==新闻== | ==新闻== | ||
| − | *[http://www.solidot.org/story?sid=49774 奇虎承认它是沃通的最大股东] (2016.09) [https://www.wosign.com/ 沃通官网] | + | *[http://www.solidot.org/story?sid=50253 Let's Encrypt 推动HTTPS的普及] (2016.11.04) |
| + | *[http://www.solidot.org/story?sid=50116 Mozilla不再信任沃通CA,沃通宣布打一折] (2016.10.25) | ||
| + | *[http://www.solidot.org/story?sid=49774 奇虎承认它是沃通的最大股东] (2016.09.22) [https://www.wosign.com/ 沃通官网] | ||
| + | *[http://www.solidot.org/story?sid=49737 沃通证实收购StartCom] (2016.09.19) | ||
| + | *[http://www.solidot.org/story?sid=49623 Mozilla列举沃通CA的诸多问题] (2016.09.08) | ||
| + | *[http://www.solidot.org/story?sid=49564 沃通用FUD恐吓Let's Encrypt用户] (2016.09.04) | ||
==协议== | ==协议== | ||
| 第29行: | 第39行: | ||
|} | |} | ||
| − | == | + | ==标准== |
| + | *[https://github.com/tlswg/ Transport Layer Security @ GitHub] | ||
| − | == | + | ==项目== |
| + | [[文件:gnutls-logo.png|GnuTLS|right]] [[文件:Openssl.png|OpenSSL|right]] [[文件:LibreSSL-logo.jpeg|LibreSSL|right]] [[文件:Letsencrypt-logo.png|Let's Encrypt|right]] | ||
| + | [[文件:wolfSSL-logo.png|right|wolfSSL]] | ||
| + | *[https://github.com/tlswg/ TLSWG @ GitHub] | ||
*[[LibreSSL]] BSD license | *[[LibreSSL]] BSD license | ||
*[[OpenSSL]] BSD license | *[[OpenSSL]] BSD license | ||
*[[GnuTLS]] LGPL license | *[[GnuTLS]] LGPL license | ||
| + | *[https://boringssl.googlesource.com/boringssl/ BoringSSL] is a fork of OpenSSL that is designed to meet Google's needs. | ||
*[[mbed TLS]] Apache 2.0 license | *[[mbed TLS]] Apache 2.0 license | ||
| + | *[https://github.com/ctz/rustls Rustls] is a modern TLS library written in [[Rust]]. | ||
| + | *[https://github.com/awslabs/s2n s2n] Apache 2.0 license | ||
*[https://github.com/mono/mono-tls Mono TLS] | *[https://github.com/mono/mono-tls Mono TLS] | ||
| + | *[[Let's Encrypt]] | ||
| + | *[[CFSSL]]: CloudFlare's PKI/TLS toolkit, BSD-2-Clause, [[Go]]语言开发。 | ||
| + | *[https://github.com/cloudflare/keyless CloudFlare's Keyless SSL Server Reference Implementation] | ||
| + | *[https://github.com/google/certificate-transparency Auditing for TLS certificates] | ||
| + | *[https://github.com/Netflix/lemur Lemur] Certificate Manager | ||
| + | *[[Facebook]] [https://github.com/facebookincubator/fizz Fizz] is a [[C++14]] implementation of the TLS-1.3 standard. | ||
| + | *[https://github.com/randombit/botan Botan] Crypto and TLS for Modern C++ | ||
| + | *[https://github.com/mirleft/ocaml-tls ocaml-tls] TLS in pure [[OCaml]]. | ||
| + | *[https://github.com/wolfssl wolfSSL] Embedded SSL | ||
| + | |||
| + | ==服务== | ||
| + | *[https://uptime.netcraft.com/perf/reports/OCSP OCSP sites] | ||
| + | *[https://www.eff.org/observatory The EFF SSL Observatory] | ||
| + | |||
| + | ==比较== | ||
| + | *[https://zh.wikipedia.org/wiki/TLS%E7%9A%84%E5%BA%94%E7%94%A8%E5%AF%B9%E6%AF%94 TLS应用对比:GnuTLS、OpenSSL、wolfSSL] | ||
| + | *[https://www.wolfssl.com/docs/tls13/ Various Implementation Support for TLS 1.3: wolfSSL, BoringSSL, GnuTLS, MatrixSSL, OpenSSL, rustls] | ||
==图集== | ==图集== | ||
<gallery widths=100px heights=100px perrow=6> | <gallery widths=100px heights=100px perrow=6> | ||
| − | + | image:Simplified-SSL-Handshake-Sequence.png|简单的SSL握手过程 | |
| − | + | image:ssl-handshake-with-two-way-authentication-with-certificates.png|双向证书认证的SSL握手过程 | |
| − | + | image:SSL-Protocol-Stack.png|SSL协议栈 | |
| − | + | image:SSL-Record-Protocol.png|SSL记录协议 | |
| + | image:ssl-messages.gif|SSL消息 | ||
| + | image:jsse-api-key-classes.jpg|JSSE核心类 | ||
| + | image:ssl-engine.jpg|SSL引擎 | ||
| + | image:OpenSource-Cryptographic-Libraries.png|开源密码库 | ||
| + | image:SSL-Threat-Model.png|SSL威胁模型 | ||
</gallery> | </gallery> | ||
| 第53行: | 第92行: | ||
*RFC 5469 DES and IDEA Cipher Suites for TLS | *RFC 5469 DES and IDEA Cipher Suites for TLS | ||
*[https://www.shodan.io/report/EvoSNCVF Shodan SSL Survey] | *[https://www.shodan.io/report/EvoSNCVF Shodan SSL Survey] | ||
| − | + | *[https://raw.githubusercontent.com/citypw/citypw-SCFE/master/security/Documentation/ssl-tls_deployment_best_practices.txt SSL/TLS部署最佳实践] [http://hardenedlinux.org/cryptography/2015/07/28/ssl-tls-deployment-1.4.html SSL/TLS部署最佳实践v1.4] | |
| − | + | *[https://program-think.blogspot.com/2018/10/Comparison-of-DNS-Protocols.html?comment=1539870426967#1539870426967 对比4种强化域名安全的协议——DNSSEC,DNSCrypt,DNS over TLS,DNS over HTTPS] | |
[[category:TLS]] | [[category:TLS]] | ||
2022年5月21日 (六) 02:49的版本
|
您可以在Wikipedia上了解到此条目的英文信息 TLS Thanks, Wikipedia. |
TLS/SSL
目录 |
简介
Transport Layer Security (TLS) 和它的前任 Secure Sockets Layer (SSL)
安全套接层(Secure Sockets Layer,SSL)是网景公司(Netscape)在推出Web浏览器首版的同时,提出的协议。SSL采用公开密钥技术,保证两个应用间通信的保密性和可靠性,使客户与服务器应用之间的通信不被攻击者窃听。可在服务器和客户机两端同时实现支持,目前已成为互联网上保密通讯的工业标准,现行Web浏览器亦普遍将Http和SSL相结合,从而实现安全通信。此协议和其继任者传输层安全(Transport Layer Security,TLS)是为网络通信提供安全及数据完整性的一种安全协议。TLS与SSL在传输层对网络连接进行加密。
新闻
- Let's Encrypt 推动HTTPS的普及 (2016.11.04)
- Mozilla不再信任沃通CA,沃通宣布打一折 (2016.10.25)
- 奇虎承认它是沃通的最大股东 (2016.09.22) 沃通官网
- 沃通证实收购StartCom (2016.09.19)
- Mozilla列举沃通CA的诸多问题 (2016.09.08)
- 沃通用FUD恐吓Let's Encrypt用户 (2016.09.04)
协议
| 协议 | 年份 |
| SSL 1.0 | N/A |
| SSL 2.0 | 1995 |
| SSL 3.0 | 1996 |
| TLS 1.0 | 1999 |
| TLS 1.1 | 2006 |
| TLS 1.2 | 2008 |
| TLS 1.3 | 待定 |
标准
项目
- TLSWG @ GitHub
- LibreSSL BSD license
- OpenSSL BSD license
- GnuTLS LGPL license
- BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
- mbed TLS Apache 2.0 license
- Rustls is a modern TLS library written in Rust.
- s2n Apache 2.0 license
- Mono TLS
- Let's Encrypt
- CFSSL: CloudFlare's PKI/TLS toolkit, BSD-2-Clause, Go语言开发。
- CloudFlare's Keyless SSL Server Reference Implementation
- Auditing for TLS certificates
- Lemur Certificate Manager
- Facebook Fizz is a C++14 implementation of the TLS-1.3 standard.
- Botan Crypto and TLS for Modern C++
- ocaml-tls TLS in pure OCaml.
- wolfSSL Embedded SSL
服务
比较
- TLS应用对比:GnuTLS、OpenSSL、wolfSSL
- Various Implementation Support for TLS 1.3: wolfSSL, BoringSSL, GnuTLS, MatrixSSL, OpenSSL, rustls
图集
简单的SSL握手过程
双向证书认证的SSL握手过程
SSL协议栈
SSL记录协议
SSL消息
JSSE核心类
SSL引擎
开源密码库
SSL威胁模型
链接
- RFC 5246 TLS 1.2
- RFC 4346 TLS 1.1
- RFC 5746 TLS renegotiation
- RFC 4366 TLS Extensions
- RFC 5469 DES and IDEA Cipher Suites for TLS
- Shodan SSL Survey
- SSL/TLS部署最佳实践 SSL/TLS部署最佳实践v1.4
- 对比4种强化域名安全的协议——DNSSEC,DNSCrypt,DNS over TLS,DNS over HTTPS
分享您的观点
