The SSL protocols have a large number of weaknesses, and should not be used in any circumstances. Server Configuration ¶ Only Support Strong Protocols ¶ This cheatsheet will use the term "TLS" except where referring to the legacy protocols. The terms "SSL", "SSL/TLS" and "TLS" are frequently used interchangeably, and in many cases "SSL" is used when referring to the more modern TLS protocol. Subsequently TLS versions 1.1, 1.2 and 1.3 have been released. Both of these have serious cryptographic weaknesses and should no longer be used.įor various reasons the next version of the protocol (effectively SSL 3.1) was named Transport Layer Security (TLS) version 1.0. There were two publicly released versions of SSL - versions 2 and 3.
Secure Socket Layer (SSL) was the original protocol that was used to provide encryption for HTTP traffic, in the form of HTTPS.
BEST TLS VERSIONS HOW TO
This cheatsheet is primarily focused on how to use TLS to protect clients connecting to a web application over HTTPS although much of the guidance is also applicable to other uses of TLS. TLS is used by many other protocols to provide encryption and integrity, and can be used in a number of different ways. Authentication - allowing the client to verify that they are connected to the real server (note that the identity of the client is not verified unless client certificates are used).Replay prevention - protection against an attacker replaying requests against the server.Integrity - protection against an attacker modifying traffic.Confidentiality - protection against an attacker from reading the contents of traffic.When correctly implemented, TLS can provides a number of security benefits: This cheat sheet provides guidance on how to implement transport layer protection for an application using Transport Layer Security (TLS). Transport Layer Protection Cheat Sheet ¶ Introduction ¶ Use CAA Records to Restrict Which CAs can Issue CertificatesĬonsider the use of Extended Validation CertificatesĬonsider the use of Client-Side Certificates Use an Appropriate Certification Authority for the Application's User Base Use Strong Cryptographic Hashing AlgorithmsĬarefully Consider the use of Wildcard Certificates Insecure Direct Object Reference Prevention
0 kommentar(er)
