SSL and TLS: theory and practice
Now in its Third Edition, this completely revised and updated reference provides a thorough and comprehensive introduction into the SSL, TLS, and DTLS protocols, explaining all the details and technical subtleties and showing how the current design helps mitigate the attacks that have made press hea...
Main author: | |
---|---|
Format: | Electronic E-Book |
Language: | English |
Published: | Norwood, MA : Artech House, [2023] |
Edition: | Third edition. |
Series: | Artech House information security and privacy series. |
Subjects: | |
Online access: | Full text |
Summary: | Now in its Third Edition, this completely revised and updated reference provides a thorough and comprehensive introduction into the SSL, TLS, and DTLS protocols, explaining all the details and technical subtleties and showing how the current design helps mitigate the attacks that have made press headlines in the past. The book tells the complete story of TLS, from its earliest incarnation (SSL 1.0 in 1994), all the way up to and including TLS 1.3. Detailed descriptions of each protocol version give you a full understanding of why the protocol looked like it did, and why it now looks like it does. You will get a clear, detailed introduction to TLS 1.3 and understand the broader context of how TLS works with firewall and network middleboxes, as well the key topic of public infrastructures and their role in securing TLS. You will also find similar details on DTLS, a close sibling of TLS that is designed to operate over UDP instead of TCP. The book helps you fully understand the rationale behind the design of the SSL, TLS, and DTLS protocols and all of its extensions. It also gives you an in-depth and accessible breakdown of the many vulnerabilities in earlier versions of TLS, thereby more fully equipping you to properly configure and use the protocols in the field and protect against specific (network-based) attacks. With its thorough discussion of widely deployed network security technology, coupled with its practical applications you can utilize today, this is a must-have book for network security practitioners and software/web application developers at all levels. |
Description: | 1 online resource (xxv, 352 pages) |
Bibliography: | Includes bibliographical references and index. |
ISBN: | 9781685690168 1685690165 |
Internal format
MARC
LEADER | 00000cam a2200000 i 4500 | ||
---|---|---|---|
001 | ZDB-4-EBA-on1397073395 | ||
003 | OCoLC | ||
005 | 20241004212047.0 | ||
006 | m o d | ||
007 | cr cnu|||unuuu | ||
008 | 230914s2023 mau ob 001 0 eng d | ||
040 | |a N$T |b eng |e rda |e pn |c N$T |d N$T |d YDX |d OCLCO |d IEEEE |d OCLCL |d OCLCF |d SFB | ||
019 | |a 1396551940 |a 1446815531 | ||
020 | |a 9781685690168 |q (electronic bk.) | ||
020 | |a 1685690165 |q (electronic bk.) | ||
020 | |z 9781685690151 | ||
020 | |z 1685690157 | ||
035 | |a (OCoLC)1397073395 |z (OCoLC)1396551940 |z (OCoLC)1446815531 | ||
037 | |a 10302941 |b IEEE | ||
050 | 4 | |a TK5105.59 |b .O67 2023 | |
082 | 7 | |a 005.8 |2 23/eng/20230915 | |
049 | |a MAIN | ||
100 | 1 | |a Oppliger, Rolf, |e author. |0 http://id.loc.gov/authorities/names/n96000042 | |
245 | 1 | 0 | |a SSL and TLS |b : theory and practice / |c Rolf Oppliger. |
250 | |a Third edition. | ||
264 | 1 | |a Norwood, MA : |b Artech House, |c [2023] | |
300 | |a 1 online resource (xxv, 352 pages) | ||
336 | |a text |b txt |2 rdacontent | ||
337 | |a computer |b c |2 rdamedia | ||
338 | |a online resource |b cr |2 rdacarrier | ||
490 | 1 | |a Artech House information security and privacy series | |
588 | |a Description based on print version record. | ||
504 | |a Includes bibliographical references and index. | ||
520 | |a Now in its Third Edition, this completely revised and updated reference provides a thorough and comprehensive introduction into the SSL, TLS, and DTLS protocols, explaining all the details and technical subtleties and showing how the current design helps mitigate the attacks that have made press headlines in the past. The book tells the complete story of TLS, from its earliest incarnation (SSL 1.0 in 1994), all the way up to and including TLS 1.3. Detailed descriptions of each protocol version give you a full understanding of why the protocol looked like it did, and why it now looks like it does. You will get a clear, detailed introduction to TLS 1.3 and understand the broader context of how TLS works with firewall and network middleboxes, as well the key topic of public infrastructures and their role in securing TLS. You will also find similar details on DTLS, a close sibling of TLS that is designed to operate over UDP instead of TCP. The book helps you fully understand the rationale behind the design of the SSL, TLS, and DTLS protocols and all of its extensions. It also gives you an in-depth and accessible breakdown of the many vulnerabilities in earlier versions of TLS, thereby more fully equipping you to properly configure and use the protocols in the field and protect against specific (network-based) attacks. With its thorough discussion of widely deployed network security technology, coupled with its practical applications you can utilize today, this is a must-have book for network security practitioners and software/web application developers at all levels. | ||
505 | 0 | |a SSL and TLS: Theory and Practice Third Edition -- Contents -- Foreword -- Preface -- References -- Acknowledgments -- Chapter 1 Introduction -- 1.1 INFORMATION AND NETWORK SECURITY -- 1.1.1 Security Services -- 1.1.2 Security Mechanisms -- 1.2 TRANSPORT LAYER SECURITY -- 1.3 FINAL REMARKS -- References -- Chapter 2 SSL Protocol -- 2.1 INTRODUCTION -- 2.2 PROTOCOLS -- 2.2.1 SSL Record Protocol -- 2.2.2 SSL Handshake Protocol -- 2.2.3 SSL Change Cipher Spec Protocol -- 2.2.4 SSL Alert Protocol -- 2.2.5 SSL Application Data Protocol -- 2.3 PROTOCOL TRANSCRIPT -- 2.4 SECURITY ANALYSIS -- 2.5 FINAL REMARKS -- References -- Chapter 3 TLS Protocol -- 3.1 INTRODUCTION -- 3.1.1 TLS PRF -- 3.1.2 Generation of Keying Material -- 3.2 TLS 1.0 -- 3.2.1 Cipher Suites -- 3.2.2 Certificate Management -- 3.2.3 Alert Messages -- 3.2.4 Other Differences -- 3.3 TLS 1.1 -- 3.3.1 Cipher Suites -- 3.3.2 Certificate Management -- 3.3.3 Alert Messages -- 3.3.4 Other Differences -- 3.4 TLS 1.2 -- 3.4.1 TLS Extensions -- 3.4.2 Cipher Suites -- 3.4.3 Certificate Management -- 3.4.4 Alert Messages -- 3.4.5 Other Differences -- 3.5 TLS 1 -- 3.5.1 Handshake Protocol -- 3.5.2 Key Derivation -- 3.5.3 Certificate Management -- 3.5.4 Alert Messages -- 3.5.5 Other Differences -- 3.6 HSTS -- 3.7 PROTOCOL TRANSCRIPTS -- 3.7.1 TLS 1.0 -- 3.7.2 TLS 1.2 -- 3.8 SECURITY ANALYSIS -- 3.9 FINAL REMARKS -- References -- Chapter 4 DTLS Protocol -- 4.1 INTRODUCTION -- 4.2 DTLS 1.0 -- 4.2.1 Record Protocol -- 4.2.2 Handshake Protocol -- 4.3 DTLS 1.2 -- 4.4 DTLS 1.3 -- 4.4.1 Record Protocol -- 4.4.2 Handshake Protocol -- 4.5 SECURITY ANALYSIS -- 4.6 FINAL REMARKS -- References -- Chapter 5 Firewall Traversal -- 5.1 INTRODUCTION -- 5.2 SSL/TLS TUNNELING -- 5.3 SSL/TLS PROXYING -- 5.4 MIDDLEBOX MITIGATION -- 5.5 FINAL REMARKS -- References -- Chapter 6 Public Key Certificates and Internet PKI. | |
505 | 8 | |a 6.1 INTRODUCTION -- 6.2 X.509 CERTIFICATES -- 6.2.1 Certificate Format -- 6.2.2 Hierarchical Trust Model -- 6.3 SERVER CERTIFICATES -- 6.4 CLIENT CERTIFICATES -- 6.5 PROBLEMS AND PITFALLS -- 6.6 CERTIFICATE LEGITIMATION -- 6.6.1 Public Key Pinning -- 6.6.2 DNS Resource Records -- 6.6.3 Distributed Notaries -- 6.6.4 Certificate Transparency -- 6.7 FINAL REMARKS -- References -- Chapter 7 Concluding Remarks -- References -- Appendix A Attacks Against SSL/TLS -- A.1 BLEICHENBACHER ATTACK -- A.1.1 DROWN, ROBOT, and CATs -- A.1.2 Klíma-Pokorný-Rosa Attack -- A.1.3 Manger Attack -- A.2 VAUDENAY ATTACK -- A.3 BEAST -- A.4 POODLE -- A.5 RENEGOTIATION ATTACKS -- A.6 COMPRESSION-RELATED ATTACKS -- A.7 KEY EXCHANGE DOWNGRADE ATTACKS -- A.7.1 FREAK -- A.7.2 Logjam -- References -- Appendix B TLS Cipher Suites -- Reference -- Appendix C TLS Extensions -- C.1 OVERVIEW -- C.2 DETAILED EXPLANATIONS -- C.2.1 Server name (0) Extension -- C.2.2 Max fragment length (1) and Record size limit (28) Extensions -- C.2.3 Client certificate url (2) Extension -- C.2.4 Trusted ca keys (3) Extension -- C.2.5 Truncated hmac (4) Extension -- C.2.6 Status request (5) and Status request v2 (17) Extensions -- C.2.7 User mapping (6) Extension -- C.2.8 Client authz (7) and Server authz (8) Extensions -- C.2.9 Cert type (9) Extension -- C.2.10 Supported groups (10) and ec point formats (11) Extensions -- C.2.11 Srp (12) Extension -- C.2.12 Signature algorithms (13) Extension -- C.2.13 Use srtp (14) Extension -- C.2.14 Heartbeat (15) Extension -- C.2.15 Application layer protocol negotiation (16) Extension -- C.2.16 Signed certificate timestamp (18) and transparency info (52) Extensions -- C.2.17 Client certificate type (19) and Server certificate_type (20) Extensions -- C.2.18 Padding (21) Extension -- C.2.19 Encrypt then mac (22) Extension -- C.2.20 Token binding (24) Extension. | |
505 | 8 | |a C.2.21 Cached info (25) Extension -- C.2.22 Compress certificate (27) Extension -- C.2.23 Pwd protect (29), pwd clear (30), and password salt (31) Extensions -- C.2.24 Ticket pinning (32) Extension -- C.2.25 Tls cert with extern psk (33) Extension -- C.2.26 Session ticket (35) and ticket request (58) Extension -- C.2.27 TLMSP (36), TLMSP proxying (37), and TLMSP delegate (38) Extensions -- C.2.28 Supported ekt ciphers (39) Extension -- C.2.29 Pre shared key (41) Extension -- C.2.30 Early data (42) Extension -- C.2.31 Supported versions (43) Extension -- C.2.32 Cookie (44) Extension -- C.2.33 Psk key exchange modes (45) Extension -- C.2.34 Certificate authorities (47) Extension -- C.2.35 Oid filters (48) Extension -- C.2.36 Post handshake auth (49) Extension -- C.2.37 Signature algorithms cert (50) Extension -- C.2.38 Key share (51) Extension -- C.2.39 Connection id (54) Extension -- C.2.40 External id hash (55) and external session id (56) Extensions -- C.2.41 Quic transport parameters (57) Extension -- C.2.42 Dnssec chain (59) Extension -- C.2.43 Renegotiation info (65281) and extended master secret (23) Extensions -- References -- Abbreviations and Acronyms -- About the Author -- Index. | |
650 | 0 | |a Computer networks |x Security measures. |0 http://id.loc.gov/authorities/subjects/sh94001277 | |
650 | 0 | |a World Wide Web |x Security measures. | |
650 | 0 | |a Computer network protocols. |0 http://id.loc.gov/authorities/subjects/sh85029512 | |
650 | 6 | |a Réseaux d'ordinateurs |x Sécurité |x Mesures. | |
650 | 6 | |a Web |x Sécurité |x Mesures. | |
650 | 6 | |a Protocoles de réseaux d'ordinateurs. | |
650 | 7 | |a Computer network protocols. |2 fast |0 (OCoLC)fst00872279 | |
650 | 7 | |a Computer networks |x Security measures. |2 fast |0 (OCoLC)fst00872341 | |
650 | 7 | |a World Wide Web |x Security measures. |2 fast |0 (OCoLC)fst01181329 | |
758 | |i has work: |a SSL and TLS (Text) |1 https://id.oclc.org/worldcat/entity/E39PCGDhdbMxG6bRBTbFF6pJKq |4 https://id.oclc.org/worldcat/ontology/hasWork | ||
776 | 0 | 8 | |i Print version: |a Oppliger, Rolf. |t SSL and TLS. |b Third edition. |d Norwood, MA : Artech House, [2023] |z 9781685690151 |w (OCoLC)1375548645 |
830 | 0 | |a Artech House information security and privacy series. |0 http://id.loc.gov/authorities/names/no2007048455 | |
856 | 4 | 0 | |l FWS01 |p ZDB-4-EBA |q FWS_PDA_EBA |u https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3675087 |3 Volltext |
938 | |a EBSCOhost |b EBSC |n 3675087 | ||
938 | |a YBP Library Services |b YANK |n 305687880 | ||
994 | |a 92 |b GEBAY | ||
912 | |a ZDB-4-EBA | ||
049 | |a DE-863 |
Record in search index
DE-BY-FWS_katkey | ZDB-4-EBA-on1397073395 |
---|---|
_version_ | 1816882571237130241 |
adam_text | |
any_adam_object | |
author | Oppliger, Rolf |
author_GND | http://id.loc.gov/authorities/names/n96000042 |
author_facet | Oppliger, Rolf |
author_role | aut |
author_sort | Oppliger, Rolf |
author_variant | r o ro |
building | Verbundindex |
bvnumber | localFWS |
callnumber-first | T - Technology |
callnumber-label | TK5105 |
callnumber-raw | TK5105.59 .O67 2023 |
callnumber-search | TK5105.59 .O67 2023 |
callnumber-sort | TK 45105.59 O67 42023 |
callnumber-subject | TK - Electrical and Nuclear Engineering |
collection | ZDB-4-EBA |
ctrlnum | (OCoLC)1397073395 |
dewey-full | 005.8 |
dewey-hundreds | 000 - Computer science, information, general works |
dewey-ones | 005 - Computer programming, programs, data, security |
dewey-raw | 005.8 |
dewey-search | 005.8 |
dewey-sort | 15.8 |
dewey-tens | 000 - Computer science, information, general works |
discipline | Informatik |
edition | Third edition. |
format | Electronic eBook |
id | ZDB-4-EBA-on1397073395 |
illustrated | Not Illustrated |
indexdate | 2024-11-27T13:30:43Z |
institution | BVB |
isbn | 9781685690168 1685690165 |
language | English |
oclc_num | 1397073395 |
open_access_boolean | |
owner | MAIN DE-863 DE-BY-FWS |
owner_facet | MAIN DE-863 DE-BY-FWS |
physical | 1 online resource (xxv, 352 pages) |
psigel | ZDB-4-EBA |
publishDate | 2023 |
publishDateSearch | 2023 |
publishDateSort | 2023 |
publisher | Artech House, |
record_format | marc |
series | Artech House information security and privacy series. |
series2 | Artech House information security and privacy series |
spelling | Oppliger, Rolf, author. http://id.loc.gov/authorities/names/n96000042 SSL and TLS : theory and practice / Rolf Oppliger. Third edition. Norwood, MA : Artech House, [2023] 1 online resource (xxv, 352 pages) text txt rdacontent computer c rdamedia online resource cr rdacarrier Artech House information security and privacy series Description based on print version record. Includes bibliographical references and index. Now in its Third Edition, this completely revised and updated reference provides a thorough and comprehensive introduction into the SSL, TLS, and DTLS protocols, explaining all the details and technical subtleties and showing how the current design helps mitigate the attacks that have made press headlines in the past. The book tells the complete story of TLS, from its earliest incarnation (SSL 1.0 in 1994), all the way up to and including TLS 1.3. Detailed descriptions of each protocol version give you a full understanding of why the protocol looked like it did, and why it now looks like it does. You will get a clear, detailed introduction to TLS 1.3 and understand the broader context of how TLS works with firewall and network middleboxes, as well the key topic of public infrastructures and their role in securing TLS. You will also find similar details on DTLS, a close sibling of TLS that is designed to operate over UDP instead of TCP. The book helps you fully understand the rationale behind the design of the SSL, TLS, and DTLS protocols and all of its extensions. It also gives you an in-depth and accessible breakdown of the many vulnerabilities in earlier versions of TLS, thereby more fully equipping you to properly configure and use the protocols in the field and protect against specific (network-based) attacks. 
With its thorough discussion of widely deployed network security technology, coupled with its practical applications you can utilize today, this is a must-have book for network security practitioners and software/web application developers at all levels. SSL and TLS: Theory and Practice Third Edition -- Contents -- Foreword -- Preface -- References -- Acknowledgments -- Chapter 1 Introduction -- 1.1 INFORMATION AND NETWORK SECURITY -- 1.1.1 Security Services -- 1.1.2 Security Mechanisms -- 1.2 TRANSPORT LAYER SECURITY -- 1.3 FINAL REMARKS -- References -- Chapter 2 SSL Protocol -- 2.1 INTRODUCTION -- 2.2 PROTOCOLS -- 2.2.1 SSL Record Protocol -- 2.2.2 SSL Handshake Protocol -- 2.2.3 SSL Change Cipher Spec Protocol -- 2.2.4 SSL Alert Protocol -- 2.2.5 SSL Application Data Protocol -- 2.3 PROTOCOL TRANSCRIPT -- 2.4 SECURITY ANALYSIS -- 2.5 FINAL REMARKS -- References -- Chapter 3 TLS Protocol -- 3.1 INTRODUCTION -- 3.1.1 TLS PRF -- 3.1.2 Generation of Keying Material -- 3.2 TLS 1.0 -- 3.2.1 Cipher Suites -- 3.2.2 Certificate Management -- 3.2.3 Alert Messages -- 3.2.4 Other Differences -- 3.3 TLS 1.1 -- 3.3.1 Cipher Suites -- 3.3.2 Certificate Management -- 3.3.3 Alert Messages -- 3.3.4 Other Differences -- 3.4 TLS 1.2 -- 3.4.1 TLS Extensions -- 3.4.2 Cipher Suites -- 3.4.3 Certificate Management -- 3.4.4 Alert Messages -- 3.4.5 Other Differences -- 3.5 TLS 1 -- 3.5.1 Handshake Protocol -- 3.5.2 Key Derivation -- 3.5.3 Certificate Management -- 3.5.4 Alert Messages -- 3.5.5 Other Differences -- 3.6 HSTS -- 3.7 PROTOCOL TRANSCRIPTS -- 3.7.1 TLS 1.0 -- 3.7.2 TLS 1.2 -- 3.8 SECURITY ANALYSIS -- 3.9 FINAL REMARKS -- References -- Chapter 4 DTLS Protocol -- 4.1 INTRODUCTION -- 4.2 DTLS 1.0 -- 4.2.1 Record Protocol -- 4.2.2 Handshake Protocol -- 4.3 DTLS 1.2 -- 4.4 DTLS 1.3 -- 4.4.1 Record Protocol -- 4.4.2 Handshake Protocol -- 4.5 SECURITY ANALYSIS -- 4.6 FINAL REMARKS -- References -- Chapter 5 Firewall Traversal -- 5.1 INTRODUCTION -- 5.2 SSL/TLS TUNNELING -- 5.3 
SSL/TLS PROXYING -- 5.4 MIDDLEBOX MITIGATION -- 5.5 FINAL REMARKS -- References -- Chapter 6 Public Key Certificates and Internet PKI. 6.1 INTRODUCTION -- 6.2 X.509 CERTIFICATES -- 6.2.1 Certificate Format -- 6.2.2 Hierarchical Trust Model -- 6.3 SERVER CERTIFICATES -- 6.4 CLIENT CERTIFICATES -- 6.5 PROBLEMS AND PITFALLS -- 6.6 CERTIFICATE LEGITIMATION -- 6.6.1 Public Key Pinning -- 6.6.2 DNS Resource Records -- 6.6.3 Distributed Notaries -- 6.6.4 Certificate Transparency -- 6.7 FINAL REMARKS -- References -- Chapter 7 Concluding Remarks -- References -- Appendix A Attacks Against SSL/TLS -- A.1 BLEICHENBACHER ATTACK -- A.1.1 DROWN, ROBOT, and CATs -- A.1.2 Klíma-Pokorný-Rosa Attack -- A.1.3 Manger Attack -- A.2 VAUDENAY ATTACK -- A.3 BEAST -- A.4 POODLE -- A.5 RENEGOTIATION ATTACKS -- A.6 COMPRESSION-RELATED ATTACKS -- A.7 KEY EXCHANGE DOWNGRADE ATTACKS -- A.7.1 FREAK -- A.7.2 Logjam -- References -- Appendix B TLS Cipher Suites -- Reference -- Appendix C TLS Extensions -- C.1 OVERVIEW -- C.2 DETAILED EXPLANATIONS -- C.2.1 Server name (0) Extension -- C.2.2 Max fragment length (1) and Record size limit (28) Extensions -- C.2.3 Client certificate url (2) Extension -- C.2.4 Trusted ca keys (3) Extension -- C.2.5 Truncated hmac (4) Extension -- C.2.6 Status request (5) and Status request v2 (17) Extensions -- C.2.7 User mapping (6) Extension -- C.2.8 Client authz (7) and Server authz (8) Extensions -- C.2.9 Cert type (9) Extension -- C.2.10 Supported groups (10) and ec point formats (11) Extensions -- C.2.11 Srp (12) Extension -- C.2.12 Signature algorithms (13) Extension -- C.2.13 Use srtp (14) Extension -- C.2.14 Heartbeat (15) Extension -- C.2.15 Application layer protocol negotiation (16) Extension -- C.2.16 Signed certificate timestamp (18) and transparency info (52) Extensions -- C.2.17 Client certificate type (19) and Server certificate_type (20) Extensions -- C.2.18 Padding (21) Extension -- C.2.19 Encrypt then mac (22) Extension -- C.2.20 Token binding 
(24) Extension. C.2.21 Cached info (25) Extension -- C.2.22 Compress certificate (27) Extension -- C.2.23 Pwd protect (29), pwd clear (30), and password salt (31) Extensions -- C.2.24 Ticket pinning (32) Extension -- C.2.25 Tls cert with extern psk (33) Extension -- C.2.26 Session ticket (35) and ticket request (58) Extension -- C.2.27 TLMSP (36), TLMSP proxying (37), and TLMSP delegate (38) Extensions -- C.2.28 Supported ekt ciphers (39) Extension -- C.2.29 Pre shared key (41) Extension -- C.2.30 Early data (42) Extension -- C.2.31 Supported versions (43) Extension -- C.2.32 Cookie (44) Extension -- C.2.33 Psk key exchange modes (45) Extension -- C.2.34 Certificate authorities (47) Extension -- C.2.35 Oid filters (48) Extension -- C.2.36 Post handshake auth (49) Extension -- C.2.37 Signature algorithms cert (50) Extension -- C.2.38 Key share (51) Extension -- C.2.39 Connection id (54) Extension -- C.2.40 External id hash (55) and external session id (56) Extensions -- C.2.41 Quic transport parameters (57) Extension -- C.2.42 Dnssec chain (59) Extension -- C.2.43 Renegotiation info (65281) and extended master secret (23) Extensions -- References -- Abbreviations and Acronyms -- About the Author -- Index. Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 World Wide Web Security measures. Computer network protocols. http://id.loc.gov/authorities/subjects/sh85029512 Réseaux d'ordinateurs Sécurité Mesures. Web Sécurité Mesures. Protocoles de réseaux d'ordinateurs. Computer network protocols. fast (OCoLC)fst00872279 Computer networks Security measures. fast (OCoLC)fst00872341 World Wide Web Security measures. fast (OCoLC)fst01181329 has work: SSL and TLS (Text) https://id.oclc.org/worldcat/entity/E39PCGDhdbMxG6bRBTbFF6pJKq https://id.oclc.org/worldcat/ontology/hasWork Print version: Oppliger, Rolf. SSL and TLS. Third edition. 
Norwood, MA : Artech House, [2023] 9781685690151 (OCoLC)1375548645 Artech House information security and privacy series. http://id.loc.gov/authorities/names/no2007048455 FWS01 ZDB-4-EBA FWS_PDA_EBA https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3675087 Volltext |
subject_GND | http://id.loc.gov/authorities/subjects/sh94001277 http://id.loc.gov/authorities/subjects/sh85029512 (OCoLC)fst00872279 (OCoLC)fst00872341 (OCoLC)fst01181329 |
title | SSL and TLS : theory and practice / |
title_auth | SSL and TLS : theory and practice / |
title_exact_search | SSL and TLS : theory and practice / |
title_full | SSL and TLS : theory and practice / Rolf Oppliger. |
title_fullStr | SSL and TLS : theory and practice / Rolf Oppliger. |
title_full_unstemmed | SSL and TLS : theory and practice / Rolf Oppliger. |
title_short | SSL and TLS |
title_sort | ssl and tls theory and practice |
title_sub | : theory and practice / |
topic | Computer networks Security measures. http://id.loc.gov/authorities/subjects/sh94001277 World Wide Web Security measures. Computer network protocols. http://id.loc.gov/authorities/subjects/sh85029512 Réseaux d'ordinateurs Sécurité Mesures. Web Sécurité Mesures. Protocoles de réseaux d'ordinateurs. Computer network protocols. fast (OCoLC)fst00872279 Computer networks Security measures. fast (OCoLC)fst00872341 World Wide Web Security measures. fast (OCoLC)fst01181329 |
topic_facet | Computer networks Security measures. World Wide Web Security measures. Computer network protocols. Réseaux d'ordinateurs Sécurité Mesures. Web Sécurité Mesures. Protocoles de réseaux d'ordinateurs. |
url | https://search.ebscohost.com/login.aspx?direct=true&scope=site&db=nlebk&AN=3675087 |
work_keys_str_mv | AT oppligerrolf sslandtlstheoryandpractice |