Search: [tls] - Bookmarks

Ciphersuite Info: Suggested TLS configurations https://ciphersuite.info/cs/?sort=desc&security=secure&singlepage=true

Thu 28 Apr 2022 08:51:50 PM PDT

An interactive list of ciphersuite configurations that can be searched, sorted, and queried. The link bookmarked is a best practice set, from strongest to least trustworthy cryptosystems.

coroner/cryptolyzer https://gitlab.com/coroner/cryptolyzer

Wed 02 Feb 2022 02:32:55 PM PST

CryptoLyzer is a fast and flexible server cryptographic settings analyzer library for Python with an easy-to-use command line interface with both human- and machine-readable output. It works with multiple cryptographic protocols (SSL/TLS, opportunistic TLS, SSH) and
analyzes additional security mechanisms (web security related HTTP response header fields, JA3 tag).

Applied Crypto Hardening: bettercrypto.org https://bettercrypto.org/

Mon 03 Aug 2020 08:14:26 PM PDT

Current version: Version 1.X, 2018-12-21

This guide arose out of the need for system administrators to have an updated, solid, well researched and thought-through guide for configuring SSL, PGP, SSH and other cryptographic tools in the post-Snowden age. Triggered by the NSA leaks in the summer of 2013, many system administrators and IT security officers saw the need to strengthen their encryption settings. This guide is specifically written for these system administrators.

The focus of this guide is merely to give current best practices for configuring complex cipher suites and related parameters in a copy & paste-able manner. The guide tries to stay as concise as is possible for such a complex topic as cryptography. Naturally, it can not be complete. There are many excellent guides (II & SYM, 2012) and best practice documents available when it comes to cryptography. However none of them focuses specifically on what an average system administrator needs for hardening his or her systems' crypto settings.

GitHub - drwetter/testssl.sh: Testing TLS/SSL encryption anywhere on any port https://github.com/drwetter/testssl.sh

Thu 13 Jun 2019 03:52:44 PM PDT

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as some cryptographic flaws. Clear human-readable and machine-readable outputs. No installation needed, uses only bash. Test any SSL/TLS enabled service on any port.

Security/Server Side TLS - MozillaWiki https://wiki.mozilla.org/Security/Server_Side_TLS

Wed 20 Mar 2019 02:41:23 PM PDT

The goal of this document is to help operational teams with the configuration of TLS on servers. All Mozilla sites and deployment should follow the recommendations below. The Operations Security (OpSec) team maintains this document as a reference guide to navigate the TLS landscape. It contains information on TLS protocols, known issues and vulnerabilities, configuration examples and testing tools. Changes are reviewed and merged by the OpSec team, and broadcasted to the various Operational teams.

FiloSottile/mkcert: A simple zero-config tool to make locally trusted development certificates with any names you'd like. https://github.com/FiloSottile/mkcert

Mon 07 Jan 2019 10:09:40 PM PST

A simple zero-config tool to make locally trusted development certificates with any names you'd like. Does this by adding (and managing) a local CA on your laptop which you can issue arbitrary certs for (including localhost).

STARTTLS Everywhere https://starttls-everywhere.org/

Mon 25 Jun 2018 08:47:43 PM PDT

Secure your email server with STARTTLS Everywhere! Your email service can be insecure in numerous different ways. The service below performs a quick check of your email server's security configuration, including whether STARTTLS is supported, and whether it may qualify for the STARTTLS Policy List.

Mandos - FUKTwiki http://wiki.fukt.bsnet.se/wiki/Mandos

Tue 20 Mar 2018 02:11:25 AM PDT

A system for allowing the reboot of servers with encrypted hard drives when you arent physically present to type in the passphrases. It relies upon strictly timed encrypted network communications with trusted systems and the use of PGP to decrypt some of the keying material.

Hardening Your Web Server’s SSL Ciphers — Hynek Schlawack http://hynek.me/articles/hardening-your-web-servers-ssl-ciphers/

Tue 20 Mar 2018 12:32:57 AM PDT

How to harden SSL support on your web server to mitigate attacks like BREACH, BEAST, and Lucky 13. Updated regularly.

XMPP Intermediate Certification Authority https://xmpp.net/

Tue 20 Mar 2018 12:28:59 AM PDT

Plug an XMPP server or client into this site and it'll audit certain aspects of its COMSEC posture, such as key sizes, whether or not crypto is enabled, and what crypto protocols it supports. If you're paranoid about instant messaging, you may wish to start by using this site.

SSL Library mbed TLS / PolarSSL: Download for free or buy a commercial license https://tls.mbed.org/

Tue 20 Mar 2018 12:09:08 AM PDT

mbed TLS (formerly PolarSSL) is an SSL implementation written from scratch designed for use in embedded applications and systems. The API was designed to make sense (unlike some other implementations I could mention) and the source code is written with readability in mind. Written in C as portably as possible. Modules are designed to be as loosely coupled as is feasible. opensource by default, but they do ask you to purchase commercial licenses if appropriate. Has a not-insignificant list of commercial and government users.

Strong SSL Security on nginx - Raymii.org https://raymii.org/s/tutorials/Strong_SSL_Security_On_nginx.html

Mon 19 Mar 2018 05:23:41 PM PDT

A tutorial on how to harden SSL and TLS in Nginx. Includes changing and increasing the size of Diffie-Hellman parameters for better security.

Links per page

Filters