Bulletproof SSL and TLS (Book, 2014) [WorldCat.org]
Bulletproof SSL and TLS

Author: Ivan Ristic
Publisher: London : Feisty Duck, 2014.
Edition/Format: Print book : English
Summary:

Bulletproof SSL and TLS is a complete guide to using SSL and TLS encryption to deploy secure servers and web applications. Written by Ivan Ristic, the author of the popular SSL Labs web site, this ...

Details

Material Type: Internet resource
Document Type: Book, Internet Resource
All Authors / Contributors: Ivan Ristic
ISBN: 9781907117046, 1907117040
OCLC Number: 889874499
Description: xxii, 506 pages : illustrations ; 24 cm
Contents (machine-generated contents note):
Scope and Audience --
SSL versus TLS --
SSL Labs --
Online Resources --
Feedback --
About the Author --
Acknowledgments --
Transport Layer Security --
Networking Layers --
Protocol History --
Cryptography --
Building Blocks --
Protocols --
Attacking Cryptography --
Measuring Strength --
Man-in-the-Middle Attack --
Record Protocol --
Handshake Protocol --
Full Handshake --
Client Authentication --
Session Resumption --
Key Exchange --
RSA Key Exchange --
Diffie-Hellman Key Exchange --
Elliptic Curve Diffie-Hellman Key Exchange --
Authentication --
Encryption --
Stream Encryption --
Block Encryption --
Authenticated Encryption --
Renegotiation --
Application Data Protocol --
Alert Protocol --
Connection Closure --
Cryptographic Operations --
Pseudorandom Function --
Master Secret --
Key Generation --
Cipher Suites --
Extensions --
Application Layer Protocol Negotiation --
Certificate Transparency --
Elliptic Curve Capabilities --
Heartbeat --
Next Protocol Negotiation --
Secure Renegotiation --
Server Name Indication --
Session Tickets --
Signature Algorithms --
OCSP Stapling --
Protocol Limitations --
Differences between Protocol Versions --
SSL 3 --
TLS 1.0 --
TLS 1.1 --
TLS 1.2 --
Internet PKI --
Standards --
Certificates --
Certificate Fields --
Certificate Extensions --
Certificate Chains --
Relying Parties --
Certification Authorities --
Certificate Lifecycle --
Revocation --
Weaknesses --
Root Key Compromise --
Ecosystem Measurements --
Improvements --
VeriSign Microsoft Code-Signing Certificate --
Thawte login.live.com --
StartCom Breach (2008) --
CertStar (Comodo) Mozilla Certificate --
RapidSSL Rogue CA Certificate --
Chosen-Prefix Collision Attack --
Construction of Colliding Certificates --
Predicting the Prefix --
What Happened Next --
Comodo Resellers Breaches --
StartCom Breach (2011) --
DigiNotar --
Public Discovery --
Fall of a Certification Authority --
Man-in-the-Middle Attacks --
ComodoHacker Claims Responsibility --
DigiCert Sdn. Bhd. --
Flame --
Flame against Windows Update --
Flame against Windows Terminal Services --
Flame against MD5 --
TURKTRUST --
ANSSI --
National Informatics Centre of India --
Widespread SSL Interception --
Gogo --
Superfish and Friends --
CNNIC --
Sidejacking --
Cookie Stealing --
Cookie Manipulation --
Understanding HTTP Cookies --
Cookie Manipulation Attacks --
Impact --
Mitigation --
SSL Stripping --
MITM Certificates --
Certificate Warnings --
Why So Many Invalid Certificates? --
Effectiveness of Certificate Warnings --
Click-Through Warnings versus Exceptions --
Mitigation --
Security Indicators --
Mixed Content --
Root Causes --
Impact --
Browser Treatment --
Prevalence of Mixed Content --
Mitigation --
Extended Validation Certificates --
Certificate Revocation --
Inadequate Client-Side Support --
Key Issues with Revocation-Checking Standards --
Certificate Revocation Lists --
Online Certificate Status Protocol --
Certificate Validation Flaws --
Library and Platform Validation Failures --
Application Validation Failures --
Hostname Validation Issues --
Random Number Generation --
Netscape Navigator (1994) --
Debian (2006) --
Insufficient Entropy on Embedded Devices --
Heartbleed --
Impact --
Mitigation --
FREAK --
Export Cryptography --
Attack --
Impact and Mitigation --
Logjam --
Active Attack against Insecure DHE Key Exchange --
Precomputation Attack against Insecure DHE Key Exchange --
State-Level Threats against Weak DH Key Exchange --
Impact --
Mitigation --
Protocol Downgrade Attacks --
Rollback Protection in SSL 3 --
Interoperability Problems --
Voluntary Protocol Downgrade --
Rollback Protection in TLS 1.0 and Better --
Attacking Voluntary Protocol Downgrade --
Modern Rollback Defenses --
Truncation Attacks --
Truncation Attack History --
Cookie Cutting --
Deployment Weaknesses --
Virtual Host Confusion --
TLS Session Cache Sharing --
Insecure Renegotiation --
Why Was Renegotiation Insecure? --
Triggering the Weakness --
Attacks against HTTP --
Attacks against Other Protocols --
Insecure Renegotiation Issues Introduced by Architecture --
Impact --
Mitigation --
Discovery and Remediation Timeline --
BEAST --
How the Attack Works --
Client-Side Mitigation --
Server-Side Mitigation --
History --
Impact --
Compression Side Channel Attacks --
How the Compression Oracle Works --
History of Attacks --
CRIME --
Mitigation of Attacks against TLS and SPDY --
Mitigation of Attacks against HTTP Compression --
Lucky 13 --
What Is a Padding Oracle? --
Attacks against TLS --
Impact --
Mitigation --
RC4 Weaknesses --
Key Scheduling Weaknesses --
Early Single-Byte Biases --
Biases across the First 256 Bytes --
Double-Byte Biases --
Subsequent Improved Attacks --
Mitigation: RC4 versus BEAST, Lucky 13, and POODLE --
Triple Handshake Attack --
The Attack --
Impact --
Prerequisites --
Mitigation --
POODLE --
Practical Attack --
Impact --
Mitigation --
Bullrun --
Dual Elliptic Curve Deterministic Random Bit Generator --
Key --
Key Algorithm --
Key Size --
Key Management --
Certificate --
Certificate Type --
Certificate Hostnames --
Certificate Sharing --
Signature Algorithm --
Certificate Chain --
Revocation --
Choosing the Right Certificate Authority --
Protocol Configuration --
Cipher Suite Configuration --
Server Cipher Suite Preference --
Cipher Strength --
Forward Secrecy --
Performance --
Interoperability --
Server Configuration and Architecture --
Shared Environments --
Virtual Secure Hosting --
Session Caching --
Complex Architectures --
Issue Mitigation --
Renegotiation --
BEAST (HTTP) --
CRIME (HTTP) --
Lucky 13 --
RC4 --
TIME and BREACH (HTTP) --
Triple Handshake Attack --
Heartbleed --
Pinning --
HTTP --
Making Full Use of Encryption --
Cookie Security --
Backend Certificate and Hostname Validation --
HTTP Strict Transport Security --
Content Security Policy --
Protocol Downgrade Protection --
Latency and Connection Management --
TCP Optimization --
Connection Persistence --
SPDY, HTTP/2, and Beyond --
Content Delivery Networks --
TLS Protocol Optimization --
Key Exchange --
Certificates --
Revocation Checking --
Session Resumption --
Transport Overhead --
Symmetric Encryption --
TLS Record Buffering Latency --
Interoperability --
Hardware Acceleration --
Denial of Service Attacks --
Key Exchange and Encryption CPU Costs --
Client-Initiated Renegotiation --
Optimized TLS Denial of Service Attacks --
HTTP Strict Transport Security --
Configuring HSTS --
Ensuring Hostname Coverage --
Cookie Security --
Attack Vectors --
Browser Support --
Robust Deployment Checklist --
Privacy Implications --
Content Security Policy --
Preventing Mixed Content Issues --
Policy Testing --
Reporting --
Browser Support --
Pinning --
What to Pin? --
Where to Pin? --
Should You Use Pinning? --
Pinning in Native Applications --
Chrome Public Key Pinning --
Microsoft Enhanced Mitigation Experience Toolkit --
Public Key Pinning Extension for HTTP --
DANE --
Trust Assertions for Certificate Keys (TACK) --
Certification Authority Authorization --
Getting Started --
Determine OpenSSL Version and Configuration --
Building OpenSSL --
Examine Available Commands --
Building a Trust Store --
Key and Certificate Management --
Key Generation --
Creating Certificate Signing Requests --
Creating CSRs from Existing Certificates --
Unattended CSR Generation --
Signing Your Own Certificates --
Creating Certificates Valid for Multiple Hostnames --
Examining Certificates --
Key and Certificate Conversion --
Configuration --
Cipher Suite Selection --
Performance --
Creating a Private Certification Authority --
Features and Limitations --
Creating a Root CA --
Creating a Subordinate CA --
Connecting to SSL Services --
Testing Protocols that Upgrade to SSL --
Using Different Handshake Formats --
Extracting Remote Certificates --
Testing Protocol Support --
Testing Cipher Suite Support --
Testing Servers that Require SNI --
Testing Session Reuse --
Checking OCSP Revocation --
Testing OCSP Stapling --
Checking CRL Revocation --
Testing Renegotiation --
Testing for the BEAST Vulnerability --
Testing for Heartbleed --
Determining the Strength of Diffie-Hellman Parameters --
Installing Apache with Static OpenSSL --
Enabling TLS --
Configuring TLS Protocol --
Configuring Keys and Certificates --
Configuring Multiple Keys --
Wildcard and Multisite Certificates --
Virtual Secure Hosting --
Reserving Default Sites for Error Messages --
Forward Secrecy --
OCSP Stapling --
Configuring OCSP Stapling --
Handling Errors --
Using a Custom OCSP Responder --
Configuring Ephemeral DH Key Exchange --
TLS Session Management --
Standalone Session Cache --
Standalone Session Tickets --
Distributed Session Caching --
Distributed Session Tickets --
Disabling Session Tickets --
Client Authentication --
Mitigating Protocol Issues --
Insecure Renegotiation --
BEAST --
CRIME --
Deploying HTTP Strict Transport Security --
Monitoring Session Cache Status --
Logging Negotiated TLS Parameters --
Advanced Logging with mod_sslhaf --
Java Cryptography Components --
Strong and Unlimited Encryption --
Provider Configuration --
Features Overview --
Protocol Vulnerabilities --
Interoperability Issues --
Tuning via Properties --
Common Error Messages --
Securing Java Web Applications --
Common Keystore Operations --
Tomcat --
Configuring TLS Handling --
JSSE Configuration --
APR and OpenSSL Configuration --
Schannel --
Features Overview --
Protocol Vulnerabilities --
Interoperability Issues --
Microsoft Root Certificate Program --
Managing System Trust Stores --
Importing a Trusted Certificate --
Blacklisting Trusted Certificates --
Disabling the Auto-Update of Root Certificates --
Configuration --
Schannel Configuration --
Cipher Suite Configuration --
Key and Signature Restrictions --
Configuring Renegotiation --
Configuring Session Caching --
Monitoring Session Caching --
FIPS 140-2 --
Third-Party Utilities --
Securing ASP.NET Web Applications --
Enforcing SSL Usage --
Securing Cookies --
Securing Session Cookies and Forms Authentication --
Deploying HTTP Strict Transport Security --
Internet Information Server --
Managing Keys and Certificates --
Installing Nginx with Static OpenSSL --
Enabling TLS --
Configuring TLS Protocol --
Configuring Keys and Certificates --
Configuring Multiple Keys --
Wildcard and Multisite Certificates --
Virtual Secure Hosting --
Reserving Default Sites for Error Messages --
Forward Secrecy --
OCSP Stapling --
Configuring OCSP Stapling --
Using a Custom OCSP Responder --
Manual Configuration of OCSP Responses --
Configuring Ephemeral DH Key Exchange --
Configuring Ephemeral ECDH Key Exchange --
TLS Session Management --
Standalone Session Cache --
Standalone Session Tickets --
Distributed Session Cache --
Distributed Session Tickets --
Disabling Session Tickets --
Client Authentication --
Mitigating Protocol Issues --
Insecure Renegotiation --
BEAST --
CRIME --
Deploying HTTP Strict Transport Security --
Tuning TLS Buffers --
Logging.
Responsibility: Ivan Ristić.
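The OpenSSL key and certificate management topics in the contents note above (Key Generation, Unattended CSR Generation, Signing Your Own Certificates, Creating Certificates Valid for Multiple Hostnames, Examining Certificates, Key and Certificate Conversion) carried through end to end, as an added shell example. It is not text or code from the book or from this catalog record; it relies only on the openssl command-line tool. The hostnames www.example.com and example.com, the file names, the one-year validity and the PKCS#12 password changeit are illustrative placeholders.

```shell
#!/bin/sh
# Added example (not from the book or the catalog record): OpenSSL key and
# certificate management run end to end in a scratch directory. Hostnames,
# file names, validity period and the PKCS#12 password are placeholders.
set -eu

WORK=$(mktemp -d)

# Key generation: a 2048-bit RSA private key in PEM form.
gen_key() {                       # $1 = key file
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1" 2>/dev/null
}

# Unattended CSR generation for several hostnames. The SAN list goes into a
# private config so nothing prompts and the run does not depend on the
# system openssl.cnf; the first hostname doubles as the CN.
make_csr() {                      # $1 = key, $2 = CSR, $3 = config, $4... = hostnames
    key=$1
    csr=$2
    cfg=$3
    shift 3
    cn=$1
    sans=""
    for h in "$@"; do sans="${sans:+$sans,}DNS:$h"; done
    cat >"$cfg" <<EOF
[ req ]
distinguished_name = req_dn
req_extensions = v3_req
[ req_dn ]
[ v3_req ]
subjectAltName = $sans
EOF
    openssl req -new -sha256 -key "$key" -subj "/CN=$cn" \
        -config "$cfg" -out "$csr"
}

# Signing your own certificate: self-signed, SHA-256, one year. x509 -req
# does not carry extensions over from the CSR, so the SAN section is named
# again explicitly; forgetting this yields a certificate with no SAN.
self_sign() {                     # $1 = key, $2 = CSR, $3 = config, $4 = cert
    openssl x509 -req -sha256 -days 365 -in "$2" -signkey "$1" \
        -extfile "$3" -extensions v3_req -out "$4" 2>/dev/null
}

# Examining certificates: the SAN list and the SHA-256 fingerprint.
cert_sans() {                     # $1 = PEM cert; prints "DNS:a, DNS:b"
    openssl x509 -in "$1" -noout -text |
        sed -n '/Subject Alternative Name/{n;s/^ *//;p;}'
}
cert_fingerprint() {              # $1 = cert, $2 = PEM|DER; prints AB:CD:...
    openssl x509 -in "$1" -inform "$2" -noout -fingerprint -sha256 |
        sed 's/.*=//'
}

# Hostname validation against a one-entry trust store holding only the
# certificate itself; prints ok or fail.
check_host() {                    # $1 = cert, $2 = hostname
    if openssl verify -CAfile "$1" -verify_hostname "$2" "$1" >/dev/null 2>&1
    then echo ok; else echo fail; fi
}

# Key and certificate conversion: binary DER, and a PKCS#12 bundle of key
# plus certificate for platforms that import keys in that form.
to_der() {                        # $1 = PEM cert, $2 = DER out
    openssl x509 -in "$1" -outform DER -out "$2"
}
to_pkcs12() {                     # $1 = key, $2 = cert, $3 = .p12 out, $4 = password
    openssl pkcs12 -export -inkey "$1" -in "$2" -out "$3" -passout "pass:$4"
}

KEY=$WORK/server.key
CSR=$WORK/server.csr
CFG=$WORK/san.cnf
CRT=$WORK/server.crt
DER=$WORK/server.der
P12=$WORK/server.p12

gen_key "$KEY"
make_csr "$KEY" "$CSR" "$CFG" www.example.com example.com
self_sign "$KEY" "$CSR" "$CFG" "$CRT"
to_der "$CRT" "$DER"
to_pkcs12 "$KEY" "$CRT" "$P12" changeit     # placeholder password

echo "SANs:             $(cert_sans "$CRT")"
echo "PEM SHA-256:      $(cert_fingerprint "$CRT" PEM)"
echo "DER SHA-256:      $(cert_fingerprint "$DER" DER)"
echo "www.example.com:  $(check_host "$CRT" www.example.com)"
echo "evil.example.net: $(check_host "$CRT" evil.example.net)"
echo "Files left in $WORK"
```

The two fingerprints match because DER and PEM are the same certificate in two encodings, and the second hostname check fails because evil.example.net is in neither the CN nor the SAN. The explicit -extfile/-extensions pair on the signing step is the detail most often missed: without it the SAN silently disappears from the signed certificate, and clients that ignore the Common Name then reject it.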
