Difference between revisions of "Transport Layer Security (TLS)"
(53 intermediate revisions by 5 users not shown) | |||
Line 1: | Line 1: | ||
− | + | [[wikipedia:Transport Layer Security]] [[cryptographic protocol]] successor to [[SSL]] (deprecated since 2011). | |
− | [[ | + | Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure. The protocols use a handshake with an [[asymmetric cipher]] to establish not only cipher settings but also a session-specific shared key with which further communication is encrypted using a [[symmetric cipher]]. |
+ | * https://support.apple.com/en-us/HT211025, 398 days | ||
− | [[macOS | + | |
− | * TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits | + | {{SSL TOC}} |
+ | |||
+ | |||
+ | |||
+ | [[macOS 10.15]] (June 2019) and [[IOS]] 13 requirements (https://support.apple.com/en-us/HT210176) | ||
+ | * TLS server certificates and issuing CAs using [[RSA]] keys must use key sizes greater than or equal to 2048 bits | ||
+ | * [[SHA-2]] | ||
+ | |||
+ | * 2014 [[LibreSSL]] | ||
+ | * [[OpenVPN]] (2001) | ||
+ | * [[X.509]] | ||
+ | * [[SHA-224]], [[MD5]] | ||
+ | * [[HKDF]] | ||
+ | * <code>[[cfssl]]</code> | ||
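Review bot: the added bullet `* [[SHA-2]]` under the macOS 10.15 / iOS 13 requirements is a bare link that does not say what is required, unlike the RSA bullet above it, which states the 2048-bit minimum; write it as a requirement in the same form. The added line `* https://support.apple.com/en-us/HT211025, 398 days` has the same problem: it gives a number without saying what it limits. The bullets that follow (`[[LibreSSL]]` through `cfssl`) sit directly under the requirements list with no heading, so they read as further requirements; move them under Related terms or give them their own heading.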
Line 41: | Line 55: | ||
| | | | ||
|- | |- | ||
− | !scope="row"| TLS 1.3 | + | !scope="row"| [[TLS 1.3]] |
| 2018 | | 2018 | ||
| | | | ||
+ | |- | ||
|} | |} | ||
+ | == Errors == | ||
+ | * [[unable to get local issuer certificate]] | ||
+ | == Related terms == | ||
+ | * [[Key Exchange]] | ||
+ | * [[SMTPS]] ((TCP port number 465 using TLS)) (deprecated) | ||
+ | * [[HTTPS]] | ||
+ | * [[STARTTLS]] | ||
+ | * <code>[[podman pull]] [[--tls-verify]]=false</code> | ||
+ | * <code>[[ssl_protocols]]</code> [[Nginx directive]] | ||
+ | * [[Your connection is not private]] | ||
+ | * [[NET::ERR CERT INVALID]] | ||
+ | * [[ALB]]: [[AWS Application Load Balancer (ALB)]] | ||
+ | * [[SSL Certificate Checker]] | ||
+ | * [[Datagram Transport Layer Security (DTLS)]] | ||
+ | * <code>[[tls_private_key]]</code> | ||
+ | * [[k8s cert-manager]] | ||
+ | * [[Predefined SSL security policies for Classic Load Balancers]] | ||
+ | * [[Certificate signed by unknown authority]] | ||
+ | * [[SSL/TLS]] Protocol: [[TLSv1.2]],[[ECDHE]]-[[ECDSA]]-[[CHACHA20]]-[[POLY1305]],256,256 | ||
+ | * [[openssl s client -connect]] | ||
+ | * [[HTTP Message Signatures]] | ||
== See also == | == See also == | ||
− | + | * {{.pem}} | |
− | * {{ | + | * {{TLS}} |
− | * {{ | ||
+ | [[Category:TLS]] | ||
[[Category:Security]] | [[Category:Security]] | ||
{{CC license}} Source: wikipedia | {{CC license}} Source: wikipedia |
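Review bot: in the new Related terms list, `podman pull --tls-verify=false` appears with no indication that this setting turns off certificate verification for the connection; add a short qualifier so the entry is not read as a recommended invocation. Smaller points in the same hunk: the `|-` added directly before the closing `|}` opens a table row with no cells, `((TCP port number 465 using TLS))` has doubled parentheses, and error entries such as `[[Certificate signed by unknown authority]]` and `[[NET::ERR CERT INVALID]]` would fit the new Errors section beside `[[unable to get local issuer certificate]]`.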
Latest revision as of 12:59, 26 March 2024
Transport Layer Security (TLS) (wikipedia:Transport Layer Security) is a cryptographic protocol and the successor to SSL (deprecated since 2011).
Once the client and server have agreed to use TLS, they negotiate a stateful connection by using a handshaking procedure. The protocols use a handshake with an asymmetric cipher to establish not only cipher settings but also a session-specific shared key with which further communication is encrypted using a symmetric cipher.
- https://support.apple.com/en-us/HT211025, 398 days
macOS 10.15 (June 2019) and iOS 13 requirements (https://support.apple.com/en-us/HT210176)
- TLS server certificates and issuing CAs using RSA keys must use key sizes greater than or equal to 2048 bits
- SHA-2
Protocol | Published | Status |
---|---|---|
SSL 1.0 | Unpublished | Unpublished |
SSL 2.0 | 1995 | Deprecated in 2011 (RFC 6176) |
SSL 3.0 | 1996 | Deprecated in 2015 (RFC 7568) |
TLS 1.0 | 1999 | Deprecation planned in 2020 |
TLS 1.1 | 2006 | Deprecation planned in 2020 |
TLS 1.2 | 2008 | |
TLS 1.3 | 2018 | |
Errors
- unable to get local issuer certificate
Related terms
- Key Exchange
- SMTPS (TCP port number 465 using TLS) (deprecated)
- HTTPS
- STARTTLS
- podman pull --tls-verify=false
- ssl_protocols Nginx directive
- Your connection is not private
- NET::ERR_CERT_INVALID
- ALB: AWS Application Load Balancer (ALB)
- SSL Certificate Checker
- Datagram Transport Layer Security (DTLS)
- tls_private_key
- k8s cert-manager
- Predefined SSL security policies for Classic Load Balancers
- Certificate signed by unknown authority
- SSL/TLS Protocol: TLSv1.2,ECDHE-ECDSA-CHACHA20-POLY1305,256,256
- openssl s_client -connect
- HTTP Message Signatures
See also
- Certificate: .pem, .ppk, .pfx, .p12, .cer, .crt, openssl pkcs12, .csr, .pub, PFX, PKCS, PKCS
- TLS, mTLS: OpenSSL, LibreSSL, BoringSSL, WolfSSL, X.509, .pem, SNI, CT, OCSP, Mbed TLS, ALPN, your connection is not private, SSL Certificate Checker, Wildcard certificate, JA3 fingerprint, sslcan, TLS inspection
Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Source: wikipedia