Good articles to read on SSL and HTTPS?

I had a problem with accepting an invalid SSL certificate in my iPhone program. That problem is solved now; however, I came to understand that I have a very abstract idea of how exactly the whole thing works:

  • How does the web browser verify that the received certificate is really for the host it communicates with and not faked by some party in the middle?
  • Does the browser talk to some 3rd party (CA?) to do the certificate check?

and many other questions... Would someone please recommend a good source of information with an in-depth enough description of how all the parts click together?


Plenty of detail here: The First Few Milliseconds of an https Connection

And the definitive book on the subject: SSL and TLS: Designing and Building Secure Systems


Check the articles here, specifically "Introduction to SSL" and "Building user authentication systems for client-server environments."


Web Spoofing Revisited: SSL and Beyond


This is an excellent Black Hat talk on modern attacks against SSL: http://www.thoughtcrime.org/software/sslstrip/ Chrome recently introduced "Strict Transport Security" for HTTPS, which partially addresses Moxie Marlinspike's attacks.
