views:

144

answers:

5

I had a problem with accepting an invalid SSL certificate in my iPhone program. That problem is solved now; however, I came to the understanding that I have only a very abstract idea of how exactly the whole thing works:

  • how does a web browser verify that the received certificate is really for the host it communicates with and not faked by some party in the middle?
  • does the browser talk to some 3rd party (a CA?) to do the certificate check?

and many other questions... Would someone please recommend a good source of information with an in-depth enough description of how all the parts click together?
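The two checks the question asks about, as an added example in Go that is not from any answer on this page: it constructs a throwaway root CA and a leaf certificate (the CA name and www.example.com are hypothetical) and runs the same verification a browser performs, building a chain to a root already in the local trust store (the CA is never contacted) and matching the host name against the certificate.

```go
package main
import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

// issue signs tmpl with parentKey; when parent is nil the certificate is self-signed (a root CA).
func issue(tmpl, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey) {
	key, _ := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if parent == nil {
		parent, parentKey = tmpl, key
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, parent, &key.PublicKey, parentKey)
	if err != nil {
		panic(err)
	}
	cert, _ := x509.ParseCertificate(der)
	return cert, key
}

// VerifyHost is the browser-side check: chain the received leaf up to a locally trusted root, then match host against its DNS names.
func VerifyHost(leaf *x509.Certificate, roots *x509.CertPool, host string) error {
	_, err := leaf.Verify(x509.VerifyOptions{DNSName: host, Roots: roots})
	return err
}

// BuildDemo creates a throwaway root CA and a leaf for the constructed host name www.example.com.
func BuildDemo() (leaf *x509.Certificate, roots *x509.CertPool) {
	now := time.Now()
	ca, caKey := issue(&x509.Certificate{SerialNumber: big.NewInt(1), Subject: pkix.Name{CommonName: "Demo Root CA"}, NotBefore: now,
		NotAfter: now.Add(time.Hour), IsCA: true, BasicConstraintsValid: true, KeyUsage: x509.KeyUsageCertSign}, nil, nil)
	leaf, _ = issue(&x509.Certificate{SerialNumber: big.NewInt(2), Subject: pkix.Name{CommonName: "www.example.com"},
		DNSNames: []string{"www.example.com"}, NotBefore: now, NotAfter: now.Add(time.Hour),
		KeyUsage: x509.KeyUsageDigitalSignature, ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}, ca, caKey)
	roots = x509.NewCertPool()
	roots.AddCert(ca) // the "trust store": the only root this client accepts
	return leaf, roots
}
func main() {
	leaf, roots := BuildDemo()
	fmt.Println("right host, trusted root:", VerifyHost(leaf, roots, "www.example.com"))
	fmt.Println("wrong host:", VerifyHost(leaf, roots, "evil.example.net"))
	fmt.Println("root not in trust store:", VerifyHost(leaf, x509.NewCertPool(), "www.example.com"))
}
```

The last case is the "invalid certificate" situation from the question: a chain that ends in a root the client does not already trust is rejected no matter who signed it.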

A: 

Web Spoofing Revisited: SSL and Beyond

+5  A: 

Plenty of detail here: The First Few Milliseconds of an https Connection

And the definitive book on the subject: SSL and TLS: Designing and Building Secure Systems

bignum
+1 for your first link, excellent read.
Rook
That blog post is amazing! Real eye opener, no less.
Igor Romanov
A: 

Check the articles here, specifically "Introduction to SSL" and "Building user authentication systems for client-server environments."

Eugene Mayevski 'EldoS Corp
A: 

This is an excellent BlackHat talk on modern attacks against SSL: http://www.thoughtcrime.org/software/sslstrip/ Chrome recently introduced "Strict Transport Security" for https, which partially addresses Moxie Marlinspike's attacks.

Rook
A: 

Here is a basic introduction to SSL for developers: http://www.sslshopper.com/article-ssl-for-newbs.html

There is also much more information in the SSL FAQ on that site.

Robert