SSL



SSL is a cryptographic protocol for secure communications.

How does SSL work?

- Client initiates a connection
- Server sends back un encrypted certificate
- Certificate contains server name, certificate authority, public key
- Client decrypts the certificate using the public key
- Client checks the CA against its browser's list of trusted CAs
- Client encrypts a secret number using the public key
- Server decrypts the secret number
- Now both parties have the secret number


OpenSSL

Install & use on Linux
http://www.flatmtn.com/article/setting-ssl-certificates-apache
http://www.eclectica.ca//howto/ssl-cert-howto.php
Install & use on Windows
http://stackoverflow.com/questions/4221874/how-do-i-allow-https-for-apache-on-localhost
http://www.tbs-certificates.co.uk/FAQ/en/openssl-windows.html#volet
http://www.neilstuff.com/apache2-ssl-windows.html
http://www.digicert.com/ssl.htm

Heartbleed Bug (OpenSSL)
http://www.engadget.com/2014/04/12/heartbleed-explained
http://heartbleed.com
http://www.digitaltrends.com/computing/the-heartbleed-bug-explained-by-a-web-comic-xkcd/#!bA6BzX 

When users connect to a server, the server's memory is recycled.
A hacker may be able to ask for more data back than the size of the request he actually sent, and so receive memory left over from other users.
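
The over-read described above, as an added example that is not from the original page or from OpenSSL: a simplified heartbeat handler in C, shown before and after the length check. The record layout (one length byte followed by the payload), the function names and the leftover data are assumptions constructed for the demonstration.

```c
#include <stdio.h>
#include <string.h>
#define POOL_SIZE 257   /* any 1-byte claimed length stays inside the demo pool */
static unsigned char pool[POOL_SIZE];   /* stands in for recycled server memory */
/* Constructed data left in memory by an earlier user's connection. */
static const char LEFTOVER[] = "....previous-user-password=hunter2";

/* Simplified record (assumption, not the TLS wire format): byte 0 = claimed length, then payload. */
static void load_record(const unsigned char *rec, size_t rec_len) {
    memset(pool, 0, sizeof pool);
    memcpy(pool, LEFTOVER, sizeof LEFTOVER - 1);  /* old contents, never wiped */
    memcpy(pool, rec, rec_len);                   /* new record reuses the buffer */
}

/* Before the fix: echoes as many bytes as the sender claims. */
static size_t reply_vulnerable(size_t rec_len, unsigned char *out) {
    size_t claimed = pool[0];
    (void)rec_len;                     /* actual record size is ignored */
    memcpy(out, pool + 1, claimed);
    return claimed;
}

/* After the fix: a record that claims more than actually arrived is dropped. */
static size_t reply_checked(size_t rec_len, unsigned char *out) {
    size_t claimed = pool[0];
    if (rec_len < 1 || 1 + claimed > rec_len) return 0;   /* silently discard */
    memcpy(out, pool + 1, claimed);
    return claimed;
}

/* Returns 1 if the reply contains leftover bytes the sender never sent. */
static int leaks(const unsigned char *out, size_t n) {
    static const char needle[] = "hunter2";
    size_t i, k = sizeof needle - 1;
    for (i = 0; i + k <= n; i++)
        if (memcmp(out + i, needle, k) == 0) return 1;
    return 0;
}

int main(void) {
    unsigned char out[255];
    const unsigned char rec[] = { 40, 'h', 'i' };   /* claims 40 bytes, carries 2 */
    load_record(rec, sizeof rec);
    size_t n = reply_vulnerable(sizeof rec, out);
    printf("vulnerable: %zu bytes, leak=%d\n", n, leaks(out, n));
    n = reply_checked(sizeof rec, out);
    printf("checked:    %zu bytes, leak=%d\n", n, leaks(out, n));
    return 0;
}
```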

Firesheep (Firefox add-on)
http://codebutler.com/firesheep
http://www.pcworld.com/article/208727/Firesheep_Brings_Hacking_to_the_Masses.html
It is an add-on that demonstrates how big the problem is.


http://www.vasco.com/large_download/manuals/Identikey31/IDENTIKEY_%20Server_Product_Guide.pdf#page=30&zoom=100,90.7,696