TLS

出自ProgWiki
跳至導覽 跳至搜尋

TLS(Transport Layer Security),昔稱SSL(Secure Sockets Layer)

技術文件

TLS
  • RFC 8446: "The Transport Layer Security (TLS) Protocol Version 1.3".
  • RFC 5246: "The Transport Layer Security (TLS) Protocol Version 1.2".
  • RFC 4346: "The Transport Layer Security (TLS) Protocol Version 1.1".
  • RFC 2246: "The TLS Protocol Version 1.0".
SSL
  • RFC 6101: "The Secure Sockets Layer (SSL) Protocol Version 3.0".
Extensions to TLS 1.0 include
  • RFC 2595: "Using TLS with IMAP, POP3 and ACAP". Specifies an extension to the IMAP, POP3 and ACAP services that allow the server and client to use transport-layer security to provide private, authenticated communication over the Internet.
  • RFC 2712: "Addition of Kerberos Cipher Suites to Transport Layer Security (TLS)". The 40-bit cipher suites defined in this memo appear only for the purpose of documenting the fact that those cipher suite codes have already been assigned.
  • RFC 2817: "Upgrading to TLS Within HTTP/1.1", explains how to use the Upgrade mechanism in HTTP/1.1 to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443).
  • RFC 2818: "HTTP Over TLS", distinguishes secured traffic from insecure traffic by the use of a different 'server port'.
  • RFC 3207: "SMTP Service Extension for Secure SMTP over Transport Layer Security". Specifies an extension to the SMTP service that allows an SMTP server and client to use transport-layer security to provide private, authenticated communication over the Internet.
  • RFC 3268: "AES Ciphersuites for TLS". Adds Advanced Encryption Standard (AES) cipher suites to the previously existing symmetric ciphers.
  • RFC 3546: "Transport Layer Security (TLS) Extensions", adds a mechanism for negotiating protocol extensions during session initialisation and defines some extensions. Made obsolete by RFC 4366.
  • RFC 3749: "Transport Layer Security Protocol Compression Methods", specifies the framework for compression methods and the DEFLATE compression method.
  • RFC 3943: "Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS)".
  • RFC 4132: "Addition of Camellia Cipher Suites to Transport Layer Security (TLS)".
  • RFC 4162: "Addition of SEED Cipher Suites to Transport Layer Security (TLS)".
  • RFC 4217: "Securing FTP with TLS".
  • RFC 4279: "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", adds three sets of new cipher suites for the TLS protocol to support authentication based on pre-shared keys.
Extensions to TLS 1.1 include
  • RFC 4347: "Datagram Transport Layer Security" specifies a TLS variant that works over datagram protocols (such as UDP).
  • RFC 4366: "Transport Layer Security (TLS) Extensions" describes both a set of specific extensions and a generic extension mechanism.
  • RFC 4492: "Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS)".
  • RFC 4680: "TLS Handshake Message for Supplemental Data".
  • RFC 4681: "TLS User Mapping Extension".
  • RFC 4785: "Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)".
  • RFC 5054: "Using the Secure Remote Password (SRP) Protocol for TLS Authentication". Defines the TLS-SRP ciphersuites.
  • RFC 5077: "Transport Layer Security (TLS) Session Resumption without Server-Side State".
  • RFC 5081: "Using OpenPGP Keys for Transport Layer Security (TLS) Authentication", obsoleted by RFC 6091.
Extensions to TLS 1.2 include
  • RFC 5288: "AES Galois Counter Mode (GCM) Cipher Suites for TLS".
  • RFC 5289: "TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)".
  • RFC 5746: "Transport Layer Security (TLS) Renegotiation Indication Extension".
  • RFC 5878: "Transport Layer Security (TLS) Authorization Extensions".
  • RFC 6066: "Transport Layer Security (TLS) Extensions: Extension Definitions", includes Server Name Indication and OCSP stapling.
  • RFC 6091: "Using OpenPGP Keys for Transport Layer Security (TLS) Authentication".
  • RFC 6176: "Prohibiting Secure Sockets Layer (SSL) Version 2.0".
  • RFC 6209: "Addition of the ARIA Cipher Suites to Transport Layer Security (TLS)".
  • RFC 6460: "Suite B Profile for Transport Layer Security (TLS)".
Encapsulations of TLS include

相關教學

用戶端
伺服器端

FAQ

SSL憑證種類

SSL憑證,副檔名為 .crt
  • 在檔名中有 Root 字眼的是「CA 根憑證」
  • 在檔名中有 SSL 字眼的是「中繼憑證」
  • 在檔名中有 Server 字眼的是「自我憑證」

SSL憑證申請

IE或.NET無法連上的網站

Certbot