Transport Layer Security

HTTPS
Hypertext Transfer Protocol Secure (HTTPS) is an extension of the Hypertext Transfer Protocol (HTTP). It uses encryption for secure communication over a computer network, and is widely used on the Internet. In HTTPS, the communication protocol is encrypted using Transport Layer Security (TLS) or, formerly, Secure Sockets Layer (SSL). The protocol is therefore also referred to as HTTP over TLS, or HTTP over SSL.
Transport Layer Security
cryptographic protocols for securing data in transit
Heartbleed
Heartbleed is a security bug in some outdated versions of the OpenSSL cryptography library, which is a widely used implementation of the Transport Layer Security (TLS) protocol. It was introduced into the software in 2012 and publicly disclosed in April 2014. Heartbleed could be exploited regardless of whether the vulnerable OpenSSL instance is running as a TLS server or client. It resulted from improper input validation (due to a missing bounds check) in the implementation of the TLS heartbeat extension. Thus, the bug's name derived from heartbeat. The vulnerability was classified as a buffer
man-in-the-middle attack
form of active eavesdropping in which the attacker makes connections with the victims and relays messages between them
public-key infrastructure
system that can issue, distribute and verify digital certificates
Let's Encrypt
certificate authority launched in 2015
certificate authority
entity that issues digital certificates
forward secrecy
property of secure communication protocols in which compromise of long-term keys does not compromise past session keys
FTPS
FTPS (also known as FTP-SSL and FTP Secure) is an extension to the commonly used File Transfer Protocol (FTP) that adds support for the Transport Layer Security (TLS) and, formerly, the Secure Sockets Layer (SSL, which is now prohibited by RFC 7568) cryptographic protocols.
HTTP Strict Transport Security
HTTP response header field and associated policy
Online Certificate Status Protocol
communications protocol
CAcert.org
CAcert.org is a community-driven certificate authority that issues free X.509 public key certificates. CAcert.org relies heavily on automation and therefore issues only Domain-validated certificates (and not Extended validation or Organization Validation certificates).
DNS over TLS
protocol to encrypt DNS queries using TLS
Server Name Indication
TLS extension in which a client states the hostname at the start of the handshake so that a server can present multiple certificates on the same address/port, allowing it to serve multiple HTTPS sites at the same IP address with different certificates
revocation list
in computing, a list of revoked certificates
Datagram Transport Layer Security
communications protocol; lets datagram-based applications communicate in a way designed to prevent eavesdropping, tampering, or message forgery
HTTPS Everywhere
browser extension for making web browsers use HTTPS instead of HTTP when possible
POODLE
POODLE (which stands for "Padding Oracle On Downgraded Legacy Encryption") is a security vulnerability which takes advantage of the fallback to SSL 3.0. If attackers successfully exploit this vulnerability, on average, they only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages. Bodo Möller, Thai Duong and Krzysztof Kotowicz from the Google Security Team discovered this vulnerability; they disclosed the vulnerability publicly on October 14, 2014 (despite the paper being dated "September 2014"). On December 8, 2014, a variation of the POODLE vulnerability that affected
STARTTLS
extension to plain text communication protocols, which offers a way to upgrade to encrypted connections
Extended Validation Certificate
certificate used for HTTPS websites and software that proves the legal entity controlling the website or software package; obtaining an EV certificate requires verification of the requesting entity's identity by a certificate authority
HTTP Public Key Pinning
Internet security mechanism delivered via an HTTP header which allows HTTPS websites to resist impersonation by attackers using mis-issued or otherwise fraudulent certificates
root certificate
self-signed public key certificate that identifies a root certificate authority; forms the basis of an X.509-based public key infrastructure
FREAK
FREAK ("Factoring RSA Export Keys") is a security exploit of a cryptographic weakness in the SSL/TLS protocols introduced decades earlier for compliance with U.S. cryptography export regulations. These involved limiting exportable software to use only public key pairs with RSA moduli of 512 bits or fewer (so-called RSA EXPORT keys), with the intention of allowing them to be broken easily by the National Security Agency (NSA), but not by other organizations with lesser computing resources. However, by the early 2010s, increases in computing power meant that they could be broken by anyone with a
DNS Certification Authority Authorization (CAA)
an Internet security policy mechanism
downgrade attack
cryptographic attack that forces the use of weaker or no encryption
CRIME
CRIME (Compression Ratio Info-leak Made Easy) is a security vulnerability in HTTPS and SPDY protocols that utilize compression, which can leak the content of secret web cookies. When used to recover the content of secret authentication cookies, it allows an attacker to perform session hijacking on an authenticated web session, allowing the launching of further attacks. CRIME was assigned .
cipher suite
set of algorithms that help secure a network connection
Certificate transparency
Internet security standard for auditing digital certificates by creating public logs recording certificates issued by publicly trusted certificate authorities, allowing efficient identification of mistakenly or maliciously issued certificates
Application-Layer Protocol Negotiation
Transport Layer Security extension for application layer protocol negotiation
DNS-based Authentication of Named Entities
Internet security protocol
TLS termination proxy
proxy server, intermediary between client and server
padding oracle attack
attack which uses the padding validation of a cryptographic message to decrypt the ciphertext
BREACH
BREACH (a backronym: Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext) is a security vulnerability against HTTPS when using HTTP compression. BREACH is built based on the CRIME security exploit. BREACH was announced at the August 2013 Black Hat USA conference by security researchers Angelo Prado, Neal Harris and Yoel Gluck.
Logjam
security vulnerability against a Diffie–Hellman key exchange ranging from 512-bit to 1024-bit keys, publicly reported on 20 May 2015
Kazakhstan man-in-the-middle attack
state-actor security exploit by the government of Kazakhstan
Protected Extensible Authentication Protocol
protocol that encapsulates the Extensible Authentication Protocol (EAP) within an encrypted and authenticated TLS tunnel
Simple Mail Transfer Protocol over Transport Layer Security
SMTPS (Simple Mail Transfer Protocol Secure) is a method for securing SMTP using Transport Layer Security. It is intended to provide authentication of the communication partners, as well as data integrity and confidentiality.
Lucky Thirteen attack
cryptographic timing attack against implementations of TLS that use the CBC mode, reported in February 2013 by N. J. AlFardan and K. Paterson
DROWN attack
cross-protocol attack against TLS using the SSLv2 protocol