
Good articles to read on SSL and HTTPS?

I had a problem with accepting an invalid SSL certificate in my iPhone program. That problem is solved now; however, I came to the understanding that I have a very abstract idea of how exactly the whole thing works:

  • How does a web browser verify that the received certificate is really for the host it communicates with and not faked by some party in the middle?
  • Does the browser talk to some 3rd party (CA?) to do the certificate check?

and many other questions... Would someone please recommend a good source of information with an in-depth enough description of how all the parts click together?

Igor Romanov asked Apr 26 '10 13:04




2 Answers

Plenty of detail here: The First Few Milliseconds of an https Connection

And the definitive book on the subject: SSL and TLS: Designing and Building Secure Systems

bignum answered Oct 12 '22 13:10



Check the articles here, specifically "Introduction to SSL" and "Building user authentication systems for client-server environments."

Eugene Mayevski 'Callback answered Oct 12 '22 13:10
