home • source • nvt

TLS

Overview

• 傳輸層安全性協定 - 维基百科

Let’s Encrypt

• Let’s Encrypt
• Certbot

Nginx on CentOS/RHEL 7

yum -y install yum-utils
yum-config-manager --enable rhui-REGION-rhel-server-extras rhui-REGION-rhel-server-optional
yum install certbot-nginx
certbot --nginx

Auto renew by crontab:

15 0  * * * certbot renew --quiet
45 12 * * * certbot renew --quiet

Manual get a certificate:

certbot certonly -d example.com --manual

HSTS

• HTTP严格传输安全 - 维基百科

HPKP

• HTTP公钥固定 - 维基百科

CT

• 证书透明度 - 维基百科

Tools

• SSL Server Test (Powered by Qualys SSL Labs)
• ssllabs/ssllabs-scan: A command-line reference-implementation client for SSL Labs APIs, designed for automated and/or bulk testing.
• Generate Mozilla Security Recommended Web Server Configuration Files
• SteveLTN/https-portal: A fully automated HTTPS server powered by Nginx, Let’s Encrypt and Docker.
• square/certstrap: Tools to bootstrap CAs, certificate requests, and signed certificates.
• SSLMate/certspotter: Certificate Transparency Log Monitor

Resources

• google/nogotofail
• TLS 握手优化详解 | JerryQu 的小站
• 开始使用 ECC 证书 | JerryQu 的小站
• Let’s Encrypt，免费好用的 HTTPS 证书 | JerryQu 的小站
• Qualys SSL Labs
• Security with HTTPS and SSL | Android Developers
• HTTPS是如何工作的 - 众成翻译
• SSL/TLS 概览 | 自言自语
• k8sp/tls: TLS完全指南
• Weak Diffie-Hellman and the Logjam Attack
• Is TLS Fast Yet?