Skip to content

A collection of awesome framework, libraries, learning tutorials, videos, webcasts, technical resources and cool stuff about SSL / TLS

License

Notifications You must be signed in to change notification settings

paulveillard/cybersecurity-tls-security

Repository files navigation

Transport Layer Security (TLS): Theory, Techniques, and Tools

An ongoing & curated collection of awesome software best practices and techniques, libraries and frameworks, E-books and videos, websites, blog posts, links to github Repositories, technical guidelines and important resources about TLS in Cybersecurity.

Thanks to all contributors, you're awesome and wouldn't be possible without you! Our goal is to build a categorized community-driven collection of very well-known resources.

What is TLS?

TLS encrypts communications between a client and server, primarily web browsers and web sites/applications. Specifically, TLS is a cryptographic protocol that provides end-to-end security of data sent between applications over the Internet.

Transport Layer Security (TLS) encrypts data sent over the Internet to ensure that eavesdroppers and hackers are unable to see what you transmit which is particularly useful for private and sensitive information such as passwords, credit card numbers, and personal correspondence. tls

SSL (Secure Sockets Layer) encryption, and its more modern and secure replacement, TLS (Transport Layer Security) encryption, protect data sent over the internet or a computer network.

tls-history

  • TLS evolved from Secure Socket Layers (SSL) which was originally developed by Netscape Communications Corporation in 1994 to secure web sessions. SSL 1.0 was never publicly released, whilst SSL 2.0 was quickly replaced by SSL 3.0 on which TLS is based.

How Does SSL/TLS Encryption Work?

SSL/TLS uses both asymmetric and symmetric encryption to protect the confidentiality and integrity of data-in-transit. Asymmetric encryption is used to establish a secure session between a client and a server, and symmetric encryption is used to exchange data within the secured session.

A website must have an SSL/TLS certificate for their web server/domain name to use SSL/TLS encryption. Once installed, the certificate enables the client and server to securely negotiate the level of encryption in the following steps:

handshake

    1. The client contacts the server using a secure URL (HTTPS…).
    1. The server sends the client its certificate and public key.
    1. The client verifies this with a Trusted Root Certification Authority to ensure the certificate is legitimate.
    1. The client and server negotiate the strongest type of encryption that each can support.
    1. The client encrypts a session (secret) key with the server’s public key, and sends it back to the server.
    1. The server decrypts the client communication with its private key, and the session is established.
    1. The session key (symmetric encryption) is now used to encrypt and decrypt data transmitted between the client and server. Both the client and server are now using HTTPS (SSL/TLS + HTTP) for their communication. Web browsers validate this with a lock icon in the browser address bar. HTTPS functions over Port 443.

Once you leave the website, those keys are discarded. On your next visit, a new handshake is negotiated, and a new set of keys are generated.

Table of Contents

SSL/TLS Protocol History

Protocol Name Release Date Author RFC
SSL 1.0 N/A Netscape N/A
SSL 2.0 1995 Netscape N/A
SSL 3.0 1996 Netscape N/A
TLS 1.0 1999-01 IETF TLS Working Group RFC 2246
TLS 1.1 2006-04 IETF TLS Working Group RFC 4346
TLS 1.2 2008-08 IETF TLS Working Group RFC 5246
TLS 1.3 2018-08 IETF TLS Working Group RFC 8446

SSL/TLS Hacks

Cryptographic Issues

CBC Issues

Attack Name Published Date Affected Version Paper
Bleichenbacher 2003-09 SSL 3.0 Klima, Vlastimil, Ondrej Pokorný, and Tomáš Rosa. "Attacking RSA-based sessions in SSL/TLS." International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin, Heidelberg, 2003.
BEAST 2011-05 SSL 3.0, TLS 1.0 Rizzo, Juliano, and Thai Duong. "Here come the xor ninjas." In Ekoparty Security Conference, 2011.
Lucky Thirteen 2013-02 SSL 3.0, TLS 1.0, TLS 1.1, TLS 1.2 Al Fardan, Nadhem J., and Kenneth G. Paterson. "Lucky thirteen: Breaking the TLS and DTLS record protocols." 2013 IEEE Symposium on Security and Privacy. IEEE, 2013.
POODLE 2014-10 SSL 3.0 Möller, Bodo, Thai Duong, and Krzysztof Kotowicz. "This POODLE bites: exploiting the SSL 3.0 fallback." Security Advisory (2014).
DROWN 2016-08 SSL 2.0 Aviram, Nimrod, et al. "DROWN: Breaking TLS Using SSLv2." 25th USENIX Security Symposium (USENIX Security 16). 2016.

RC4 Issues

Attack Name Published Date Paper
Single-byte Bias & Double-byte Bias 2013-07 AlFardan, Nadhem, et al. "On the Security of RC4 in TLS." Presented as part of the 22nd USENIX Security Symposium (USENIX Security 13). 2013.
N/A 2015-03 Garman, Christina, Kenneth G. Paterson, and Thyla Van der Merwe. "Attacks Only Get Better: Password Recovery Attacks Against RC4 in TLS." 24th USENIX Security Symposium (USENIX Security 15). 2015.
Bar-Mitzva 2015-03 Mantin, Itsik. "Bar-Mitzva Attack: Breaking SSL with 13-Year Old RC4 Weakness." Black Hat Asia (2015).
N/A 2015-07 Vanhoef, Mathy, and Frank Piessens. "All your biases belong to us: Breaking RC4 in WPA-TKIP and TLS." 24th USENIX Security Symposium (USENIX Security 15). 2015.

Compression Issues

Attack Name Published Date Paper
CRIME 2012-09 Rizzo, Juliano, and Thai Duong. "The CRIME attack." Ekoparty Security Conference. 2012.
TIME 2013-03 Be’ery, Tal, and Amichai Shulman. "A perfect CRIME? only TIME will tell." Black Hat Europe 2013 (2013).
BREACH 2013-03 Prado, A., N. Harris, and Y. Gluck. "The BREACH Attack." (2013).

RSA Issues

Attack Name Published Date Paper
Adaptive chosen ciphertext attack 1998-08 Bleichenbacher, Daniel. "Chosen ciphertext attacks against protocols based on the RSA encryption standard PKCS# 1." Annual International Cryptology Conference. Springer, Berlin, Heidelberg, 1998.
ROBOT 2018-08 Böck, Hanno, Juraj Somorovsky, and Craig Young. "Return Of Bleichenbacher’s Oracle Threat (ROBOT)." 27th USENIX Security Symposium (USENIX Security 18). 2018.

Implementation Issues

Attack Name Published Date Paper
OpenSSL Heartbleed 2014-04 Durumeric, Zakir, et al. "The matter of heartbleed." Proceedings of the 2014 conference on internet measurement conference. 2014.
Triple Handshake 2014-05 Bhargavan, Karthikeyan, et al. "Triple handshakes and cookie cutters: Breaking and fixing authentication over TLS." 2014 IEEE Symposium on Security and Privacy. IEEE, 2014.
FREAK 2015-05 Beurdouche, Benjamin, et al. "A messy state of the union: Taming the composite state machines of TLS." 2015 IEEE Symposium on Security and Privacy. IEEE, 2015.
Logjam 2015-10 Adrian, David, et al. "Imperfect forward secrecy: How Diffie-Hellman fails in practice." Proceedings of the 22nd ACM SIGSAC Conference on Computer and Communications Security. 2015.
SLOTH 2016-02 Bhargavan, Karthikeyan, and Gaëtan Leurent. "Transcript Collision Attacks: Breaking Authentication in TLS, IKE, and SSH." In Network and Distributed System Security Symposium (NDSS). 2016.

Some Open Source Implementations of SSL/TLS

Implementation Initial release Developed by Written in
NSS 1998-03 Mozilla, AOL, Red Hat, Sun, Oracle, Google and others C, Assembly
OpenSSL 1998-12 OpenSSL Project C, Assembly
GnuTLS 2000-03 GnuTLS Project C
MatrixSSL 2004-01 PeerSec Networks C
wolfSSL 2006-02 wolfSSL C
MbedTLS 2009-01 Arm C
BoringSSL 2014-06 Google C, C++, Go, Assembly
s2n 2014-06 Amazon C
LibreSSL 2014-07 OpenBSD Project C, Assembly
Rustls 2016-08 Joseph Birr-Pixton etc. Rust
Fizz 2018-06 Facebook C++

More information:
https://en.wikipedia.org/wiki/Comparison_of_TLS_implementations

OpenSSL Version History

Major version Original release date Last minor version Last update date
0.9.1 1998-12-23 0.9.1c 1998-12-23
0.9.2 1999-03-22 0.9.2b 1999-04-06
0.9.3 1999-05-25 0.9.3a 1999-05-27
0.9.4 1999-08-09 0.9.4 1999-08-09
0.9.5 2000-02-28 0.9.5a 2000-04-01
0.9.6 2000-09-24 0.9.6m 2004-03-17
0.9.7 2002-12-31 0.9.7m 2007-02-23
0.9.8 2005-07-05 0.9.8zh 2015-12-03
1.0.0 2010-03-29 1.0.0t 2015-12-03
1.0.1 2012-03-14 1.0.1u 2016-09-22
1.0.2 2015-01-22 1.0.2u 2019-12-20
1.1.0 2016-08-25 1.1.0l 2019-09-10
1.1.1 2018-09-11 1.1.1l 2021-08-24

Vulnerabilities

Fizz Vulnerabilities

CVE-ID Disclosure date Type Analysis
CVE-2019-3560 2019-02-26 Server Side DoS Facebook Fizz integer overflow vulnerability (CVE-2019-3560)
CVE-2019-11924 2019-08-09 Server Side Memory Leak Facebook Fizz memory leak vulnerability (CVE-2019-11924) reproduce and analysis

OpenSSL Vulnerabilities

Tools

Fuzzing

tlsfuzzer
https://github.com/tomato42/tlsfuzzer

boofuzz
https://github.com/jtpereyda/boofuzz

Fuzzowski
https://github.com/nccgroup/fuzzowski

AFLNet
https://github.com/aflnet/aflnet

Programing

Python built-in TLS wrapper
https://docs.python.org/3.8/library/ssl.html

Go Package tls
https://golang.org/pkg/crypto/tls/

tlslite-ng: TLS implementation in pure python
https://github.com/tomato42/tlslite-ng

Scapy: the Python-based interactive packet manipulation program & library
https://github.com/secdev/scapy/

Scanning

SSLyze: Fast and powerful SSL/TLS scanning library
https://github.com/nabla-c0d3/sslyze

testSSL: Testing TLS/SSL encryption
https://github.com/drwetter/testssl.sh

Qualys SSL Labs online tests
https://www.ssllabs.com/projects/index.html

Others

The New Illustrated TLS Connection
https://tls13.ulfheim.net/

Glossary

Abbreviation Explanation
SSL Secure Sockets Layer
TLS Transport Layer Security
IETF Internet Engineering Task Force
POODLE Padding Oracle On Downgrade Legacy Encryption
DROWN Decrypting RSA using Obsolete and Weakened eNcryption
CRIME Compression Ratio Info-leak Made Easy
TIME Timing Info-leak Made Easy
BREACH Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext
FREAK Factoring RSA Export Keys

TLS General

Trends

Pervasive Monitoring

Certificates / PKIX

Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. RFC 5280

Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). RFC 6125

tls - How does OCSP stapling work? - Information Security Stack Exchange. (2013)

TLS Attacks

Overview

SSL/TLS Vulnerabilities

ATTACKS ON SSL A COMPREHENSIVE STUDY OF BEAST, CRIME, TIME, BREACH, LUCK Y 13 & RC4 BIASES

Recent Attacks

TLS/SSL

On the Practical (In-)Security of 64-bit Block Ciphers: Collision Attacks on HTTP over TLS and OpenVPN (SWEET32, 2016)

Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS). RFC 7457 (2015)

DROWN: Breaking TLS Using SSLv2 (DROWN, 2016)

Out of Character: Use of Punycode and Homoglyph Attacks to Obfuscate URLs for Phishing (2015)

All Your Biases Belong to Us: Breaking RC4 in WPA-TKIP and TLS (RC4NOMORE, 2015)

Imperfect Forward Secrecy: How Diffie-Hellman Fails in Practice (LOGJAM, 2015)

A messy state of the union: Taming the composite state machines of TLS (2015)

Bar Mitzvah Attack: Breaking SSL with a 13-year old RC4 Weakness (2015)

This POODLE bites: exploiting the SSL 3.0 fallback (POODLE, 2014)

Lucky Thirteen: Breaking the TLS and DTLS Record Protocols (Lucky13, 2013

SSL, gone in 30 seconds. Breach attack (BREACH,2013)

On the Security of RC4 in TLS (2013)

The CRIME Attack (CRIME, 2012)

Here come the ⊕ Ninjas (BEAST, 2011)

Software Vulnerabilities

Java’s SSLSocket: How Bad APIs compromise security (2015)

A Survey on {HTTPS} Implementation by Android Apps: Issues and Countermeasures

PKIX

Analysis of the HTTPS Certificate Ecosystem (2013)

Incidents

Secure» in Chrome Browser Does Not Mean «Safe» (2017)

Overview of Symantec CA Issues (2014 (aprox) -2017)

Intent to Deprecate and Remove: Trust in existing Symantec-issued Certificates (Symantec, 2017)

Incidents involving the CA WoSign (WoSign, 2016)

Sustaining Digital Certificate Security (Symantec, 2015)

Improved Digital Certificate Security (Symantec, 2015)

TURKTRUST Unauthorized CA Certificates. (2013)

Flame malware collision attack explained (FLAME, 2012)

An update on attempted man-in-the-middle attacks (DIGINOTAR, 2011)

Detecting Certificate Authority compromises and web browser collusion (COMODO, 2011)

SSL Interception

Remarkable works

Certified lies: Detecting and defeating government interception attacks against ssl (2011)

The Security Impact of HTTPS Interception (2017)

US-CERT TA17-075A Https interception weakens internet security (2017)

Killed by Proxy: Analyzing Client-end TLS Interception Software (2016)

TLS interception considered harmful How Man-in-the-Middle filtering solutions harm the security of HTTPS (2015)

The Risks of SSL Inspection (2015)

TLS in the wild—An Internet-wide analysis of TLS-based protocols for electronic communication (2015)

The Matter of Heartbleed (2014)

How the NSA, and your boss, can intercept and break SSL (2013)

SSL Interception-related Incidents

Komodia superfish ssl validation is broken (2015)

More TLS Man-in-the-Middle failures - Adguard, Privdog again and ProtocolFilters.dll (2015)

Software Privdog worse than Superfish (2015)

Superfish 2.0: Dangerous Certificate on Dell Laptops breaks encrypted HTTPS Connections (2015)

How Kaspersky makes you vulnerable to the FREAK attack and other ways Antivirus software lowers your HTTPS security (2015)

Tools

TLS Audit

Online

Qualys SSL Server Test

Qualys SSL Client Test

Local

sslyze

Qualys SSL Labs (local version)

testssl.sh

Sysadmins

Qualys SSL/TLS Deployment Best Practices

Mozilla's Recommendations for TLS Servers

IISCrypto: Tune up your Windows Server TLS configuration

MITM

bettercap - A complete, modular, portable and easily extensible MITM framework’

dns2proxy

MITMf

Protocols

UTA (Use TLS in Applications) IETF WG

Strict Transport Security (STS)

HPKP

Certificate Transparency

CAA

DANE and DNSSEC

SSL / TLS Best Practices

^ back to top ^

License

MIT License & cc license

Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 International License.

To the extent possible under law, Paul Veillard has waived all copyright and related or neighboring rights to this work.