Difference between revisions of "HTTPS"

From BC$ MobileTV Wiki
 
(50 intermediate revisions by 2 users not shown)
Line 1: Line 1:
'''H'''yper'''T'''ext '''T'''ransfer '''P'''rotocol '''S'''ecurity (also known as ''HTTP'' + ''SSL''; commonly abbreviated ''https'').
+
'''H'''yper'''T'''ext '''T'''ransfer '''P'''rotocol '''S'''ecure (also known as ''HTTP'' + ''SSL'' and ''Secure Hypertext Transfer Protocol''; commonly abbreviated ''https'') is a Transport-layer security mechanism, most commonly implementing [[SSL]] or [[TSL]] encryption mechanisms.
  
  
  
  
== External Links ==
 
  
[[wikipedia:HyperText Transfer Protocol Security]]
 
  
 +
== Resources ==
  
 +
* CA Security -- The London Protocol: https://casecurity.org/2018/06/27/the-london-protocol/<ref>RESEARCH PAPER –RELATIVE INCIDENCE OF PHISHING AMONG DV, OV, AND EV ENCRYPTED WEBSITES: https://casecurity.org/wp-content/uploads/2017/09/Incidence-of-Phishing-Among-DV-OV-and-EV-Websites-9-13-2017-short-ve....pdf</ref><ref>Digicert Withdraws from the CA Security Council: https://news.ycombinator.com/item?id=17438022</ref>
 +
* generate_uaa_keypair.sh: https://gist.github.com/bijukunjummen/cd8db7b93b1cf347c3e87bb74d718ce2
 +
* Code to disable SSL certificate checking for any new instances of HttpsUrlConnection: https://gist.github.com/aembleton/889392<ref>Way to Ignore SSL certificate using ''HttpsURLConnection'': https://stackoverflow.com/questions/33084855/way-to-ignore-ssl-certificate-using-httpsurlconnection</ref><ref>Skip SSL HostName Verification Java ''HttpsURLConnection'': pankajmalhotra.com/Skip-SSL-HostName-Verification-Java-HttpsURLConnection</ref>
 +
* Unable to connect to SSL services due to "PKIX Path Building Failed" error: https://confluence.atlassian.com/kb/unable-to-connect-to-ssl-services-due-to-pkix-path-building-failed-779355358.html  | [https://github.com/MichalHecko/SSLPoke SRC] (''SSL Poke''<ref>Use SSL Poke to test Java SSL connection: https://matthewdavis111.com/java/poke-ssl-test-java-certs/</ref><ref>Connecting to SSL services: https://confluence.atlassian.com/jira/connecting-to-ssl-services-117455.html</ref> test class & instructions)
  
 +
 +
== Tutorials ==
 +
 +
* Configuring your server to provide HTTPS using Let's Encrypt and Nginx: https://medium.com/hackernoon/configuring-your-server-to-provide-https-using-lets-encrypt-and-nginx-e46a5ae93e41
 +
* How to View SSL Certificate Details in Each Browser and What You Can Learn: https://www.globalsign.com/en/blog/how-to-view-ssl-certificate-details
 +
* HTTPS Is Not Just TLS: https://lukasa.co.uk/2014/09/HTTPS_Is_Not_Just_TLS/
 +
* The HTTP Series (Part 5) -- Security: https://dzone.com/articles/the-http-series-part-5-security
 +
* Testing for SSL renegotiation: https://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html (''SSL renegotation'' is a DDOS vulnerability)
 +
* Tips for Securing SSL Renegotiation: https://securingtomorrow.mcafee.com/technical-how-to/tips-securing-ssl-renegotiation/<ref>TLS computational DoS mitigation: https://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation</ref>
 +
* Apache Web Service -- Best Practice - 301 Redirect HTTP to HTTPS (Standard Domain): https://stackoverflow.com/questions/29029049/best-practice-301-redirect-http-to-https-standard-domain
 +
* How to redirect HTTP requests to HTTPS by using IIS URL Rewrite: https://port135.com/redirect-http-requests-to-https-by-using-iis-url-rewrite/
 +
 +
* An HTTPS client and HTTPS server demo in Java: https://www.pixelstech.net/article/1445603357-A-HTTPS-client-and-HTTPS-server-demo-in-Java
 +
* Android’s HTTP(S) Clients: https://android-developers.googleblog.com/2011/09/androids-http-clients.html<ref>Possible switch from Apache Http Client to HttpUrlConnection: https://github.com/android-async-http/android-async-http/issues/75</ref>
 +
* Security with HTTPS and SSL: https://developer.android.com/training/articles/security-ssl.html#java
 +
* How to use ''java.net.URLConnection'' to fire and handle HTTP requests?: https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests/32781880#32781880
 +
* Subsequent HTTPS POST request in Java with cookies retained: https://stackoverflow.com/questions/32591295/subsequent-https-post-request-in-java-with-cookies-retained/32592521#32592521
 +
* Apache HttpClient 4.1 - Proxy Settings: https://stackoverflow.com/questions/4955644/apache-httpclient-4-1-proxy-settings
 +
* Connecting Through Proxy Servers in Core Java: https://www.baeldung.com/java-connect-via-proxy-server
 +
<ref>How to resolve error message ''java.io.IOException'' Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Invalid URI"'' by explicitly pointing to your system's proxy (particularly useful on corporate connections often stuck behind Proxy/Firewall): https://stackoverflow.com/questions/52713258/java-io-ioexception-unable-to-tunnel-through-proxy-proxy-returns-http-1-1-400</ref>
 +
<ref>How to fix ''java.io.IOException: Unable to tunnel through proxy. Proxy returns “HTTP/1.1 400 Bad Request”''?: https://stackoverflow.com/questions/59520223/how-to-fix-java-io-ioexception-unable-to-tunnel-through-proxy-proxy-returns-h</ref>
 +
<ref>Unable to connect to Production / Developement Server from Eclipse IDE: https://developer.salesforce.com/forums/?id=906F00000009CXGIA2</ref>
 +
<ref>Unable to tunnel through proxy. Proxy returns “HTTP/1.1 407” via https: https://stackoverflow.com/questions/41505219/unable-to-tunnel-through-proxy-proxy-returns-http-1-1-407-via-https</ref>
 +
<ref>IO Exception: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required": https://github.com/jeremylong/DependencyCheck/issues/718</ref>
 +
<ref>Basic authentication fails for outgoing proxy in Java 8u111: https://confluence.atlassian.com/kb/basic-authentication-fails-for-outgoing-proxy-in-java-8u111-909643110.html</ref>
 +
 +
* '''How to get HTTPS working on your local development environment in 5 minutes: https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec'''
 +
* Heroku Dev center - Creating a Self-Signed SSL Certificate: https://devcenter.heroku.com/articles/ssl-certificate-self
 +
* Self-Signed, Trusted Certificates for Node.js & Express.js: https://www.kevinleary.net/self-signed-trusted-certificates-node-js-express-js/<ref>Securing your localhost for NodeJS Dev environments: https://blog.praveen.science/securing-your-localhost/</ref>
 +
* Quick & Easy HTTPS For Local Development (when you need to simulate LoadBalancer/Proxy): https://blog.codeship.com/quick-easy-https-for-local-development/
 +
* HTTPS security best practices: https://advancedweb.hu/2018/08/21/https_security/
 +
* X.509 client certificates with Spring Security: https://blog.codecentric.de/en/2018/08/x-509-client-certificates-with-spring-security/
 +
* A simple post-HTTP-to-HTTPS SEO checklist: https://www.hashemian.com/blog/2017/09/simple-post-http-to-https-seo-checklist.htm
 +
 +
* The Java Developer’s Guide to SSL Certificates: https://medium.com/@codebyamir/the-java-developers-guide-to-ssl-certificates-b78142b3a0fc
 +
* Installing Trusted Certificates into a Java Keystore: https://blogs.oracle.com/jtc/installing-trusted-certificates-into-a-java-keystore
 +
* How to add certificate chain to keystore?: https://stackoverflow.com/questions/16062072/how-to-add-certificate-chain-to-keystore
 +
* Java HTTPS to a server with a self-signed certificate: https://www.artificialworlds.net/blog/2015/12/07/java-https-to-a-server-with-a-self-signed-certificate/
 +
* Oracle guide to Creating, Exporting, and Importing SSL Certificates: https://docs.oracle.com/cd/E54932_01/doc.705/e54936/cssg_create_ssl_cert.htm#CSVSG178
 +
<ref>Accept server's self-signed ssl certificate in Java client: https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client</ref>
 +
<ref>Unit/Integration Testing HTTPS in Java with a self-signed certificate: https://blog.arkey.fr/2017/10/19/self-signed-certificates-in-java.en/</ref>
 +
<ref>Import a certificate to the Java Keystore: https://docs.plm.automation.siemens.com/content/polarion/19.1/help/en_US/polarion_windows_installation/manually_updating_third_party_software/import_a_certificate_to_the_java_keystore.html (including how to remove using ''keytool -delete -alias mykey -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit'')</ref>
 +
<ref>Configure a Java HTTP Client to Accept Self-Signed Certificates: https://kb.novaordis.com/index.php/Configure_a_Java_HTTP_Client_to_Accept_Self-Signed_Certificates</ref>
 +
<ref>To Delete a Certificate by Using keytool: https://docs.oracle.com/cd/E19798-01/821-1751/ghleq/index.html</ref>
 +
<ref>Convert P7B to PFX with OpenSSL: https://www.lisenet.com/2014/convert-p7b-to-pfx-with-openssl/</ref>
 +
<ref>How to tell Maven to disregard SSL errors (and trusting all certs)?: https://stackoverflow.com/questions/21252800/how-to-tell-maven-to-disregard-ssl-errors-and-trusting-all-certs</ref>
 +
<ref>Error Importing SSL certificate - Not an X.509 Certificate: https://stackoverflow.com/questions/9889669/error-importing-ssl-certificate-not-an-x-509-certificate/22028156#22028156</ref>
 +
<ref>When I will get HTTP 504 error using java HttpUrlConnection Class: https://stackoverflow.com/questions/21776176/when-i-will-get-http-504-error-using-java-httpurlconnection-class</ref>
 +
* How to Configure SSL Certificate in Apache Web Server: https://www.itsmarttricks.com/how-to-configure-ssl-certificate-in-apache-web-server/
 +
 +
 +
== External Links ==
 +
 +
* [[wikipedia: HTTP Secure]]
 +
* [[wikipedia: Secure Hypertext Transfer Protocol]]
 +
* A Basic Understanding of Web Protocols -- HTTP and HTTPS: https://dzone.com/articles/easy-understanding-of-web-protocols-http-and-https
 +
* Why HTTPS matters: https://web.dev/why-https-matters/
 +
* Moving to HTTPS from HTTP -- How And Why You Need To Migrate: https://dzone.com/articles/safer-web-practices-with-https-website-https-from
 +
* HTTPS crypto-shame -- TV Licensing website pulled offline: https://www.theregister.co.uk/2018/09/06/tv_licensing_https_fail/
 +
* Let's Encrypt is Not a Really, Really, Really Bad Idea!: https://www.defenseagainstthedarkarts.com/lets-encrypt-is-not-a-really-really-really-bad-idea/
 +
* Is it safe to use SSL SNI in production?: https://blog.layershift.com/sni-ssl-production-ready/
 +
* How Firefox's ''HTTPS-only'' mode solves the first insecure request problem: https://advancedweb.hu/how-firefoxs-https-only-mode-solves-the-first-insecure-request-problem/
 +
* DigiCert SSL Certificate Prices: How Much Does a DigiCert SSL Certificate Cost?: https://www.rapidsslonline.com/ssl/digicert-ssl-certificate-prices/
 +
* 95% of HTTPS servers (could be) vulnerable to trivial MITM attacks: https://news.netcraft.com/archives/2016/03/17/95-of-https-servers-vulnerable-to-trivial-mitm-attacks.html
 +
* DST Root CA X3 Expiration (September 2021): https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/
 +
 +
== References ==
 +
 +
<references />
  
 
== See Also ==
 
== See Also ==
  
[[HTTP]] | [[SSL]] | [[Security]]
+
[[HTTP]] | [[SSL]] | [[TLS]] | [[Security]] | [[SEO]]
 +
 
 +
[[Category:Communication Protocol]]
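
Review bot: the new intro line links `[[TSL]]`, which looks like a typo for `[[TLS]]`; the See Also line added in this same revision links `[[TLS]]`, so the two should match. In the Tutorials list, "SSL renegotation" should read "SSL renegotiation". The Resources entry "Code to disable SSL certificate checking for any new instances of HttpsUrlConnection" is listed without any qualifier; suggest marking it as test-environment only, since turning off certificate checking removes the server authentication HTTPS relies on, and pointing readers to the keystore-import entries further down the list as the alternative for self-signed certificates.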

Latest revision as of 18:21, 29 December 2021

HyperText Transfer Protocol Secure (also known as HTTP + SSL and Secure Hypertext Transfer Protocol; commonly abbreviated https) is a Transport-layer security mechanism, most commonly implementing SSL or TLS encryption mechanisms.




Resources


Tutorials

[9] [10] [11] [12] [13] [14]

[16] [17] [18] [19] [20] [21] [22] [23] [24]


External Links

References

  1. RESEARCH PAPER –RELATIVE INCIDENCE OF PHISHING AMONG DV, OV, AND EV ENCRYPTED WEBSITES: https://casecurity.org/wp-content/uploads/2017/09/Incidence-of-Phishing-Among-DV-OV-and-EV-Websites-9-13-2017-short-ve....pdf
  2. Digicert Withdraws from the CA Security Council: https://news.ycombinator.com/item?id=17438022
  3. Way to Ignore SSL certificate using HttpsURLConnection: https://stackoverflow.com/questions/33084855/way-to-ignore-ssl-certificate-using-httpsurlconnection
  4. Skip SSL HostName Verification Java HttpsURLConnection: pankajmalhotra.com/Skip-SSL-HostName-Verification-Java-HttpsURLConnection
  5. Use SSL Poke to test Java SSL connection: https://matthewdavis111.com/java/poke-ssl-test-java-certs/
  6. Connecting to SSL services: https://confluence.atlassian.com/jira/connecting-to-ssl-services-117455.html
  7. TLS computational DoS mitigation: https://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation
  8. Possible switch from Apache Http Client to HttpUrlConnection: https://github.com/android-async-http/android-async-http/issues/75
  9. How to resolve error message java.io.IOException Unable to tunnel through proxy. Proxy returns "HTTP/1.1 400 Invalid URI" by explicitly pointing to your system's proxy (particularly useful on corporate connections often stuck behind Proxy/Firewall): https://stackoverflow.com/questions/52713258/java-io-ioexception-unable-to-tunnel-through-proxy-proxy-returns-http-1-1-400
  10. How to fix java.io.IOException: Unable to tunnel through proxy. Proxy returns “HTTP/1.1 400 Bad Request”?: https://stackoverflow.com/questions/59520223/how-to-fix-java-io-ioexception-unable-to-tunnel-through-proxy-proxy-returns-h
  11. Unable to connect to Production / Developement Server from Eclipse IDE: https://developer.salesforce.com/forums/?id=906F00000009CXGIA2
  12. Unable to tunnel through proxy. Proxy returns “HTTP/1.1 407” via https: https://stackoverflow.com/questions/41505219/unable-to-tunnel-through-proxy-proxy-returns-http-1-1-407-via-https
  13. IO Exception: Unable to tunnel through proxy. Proxy returns "HTTP/1.1 407 Proxy Authentication Required": https://github.com/jeremylong/DependencyCheck/issues/718
  14. Basic authentication fails for outgoing proxy in Java 8u111: https://confluence.atlassian.com/kb/basic-authentication-fails-for-outgoing-proxy-in-java-8u111-909643110.html
  15. Securing your localhost for NodeJS Dev environments: https://blog.praveen.science/securing-your-localhost/
  16. Accept server's self-signed ssl certificate in Java client: https://stackoverflow.com/questions/2893819/accept-servers-self-signed-ssl-certificate-in-java-client
  17. Unit/Integration Testing HTTPS in Java with a self-signed certificate: https://blog.arkey.fr/2017/10/19/self-signed-certificates-in-java.en/
  18. Import a certificate to the Java Keystore: https://docs.plm.automation.siemens.com/content/polarion/19.1/help/en_US/polarion_windows_installation/manually_updating_third_party_software/import_a_certificate_to_the_java_keystore.html (including how to remove using keytool -delete -alias mykey -keystore %JAVA_HOME%\lib\security\cacerts -storepass changeit)
  19. Configure a Java HTTP Client to Accept Self-Signed Certificates: https://kb.novaordis.com/index.php/Configure_a_Java_HTTP_Client_to_Accept_Self-Signed_Certificates
  20. To Delete a Certificate by Using keytool: https://docs.oracle.com/cd/E19798-01/821-1751/ghleq/index.html
  21. Convert P7B to PFX with OpenSSL: https://www.lisenet.com/2014/convert-p7b-to-pfx-with-openssl/
  22. How to tell Maven to disregard SSL errors (and trusting all certs)?: https://stackoverflow.com/questions/21252800/how-to-tell-maven-to-disregard-ssl-errors-and-trusting-all-certs
  23. Error Importing SSL certificate - Not an X.509 Certificate: https://stackoverflow.com/questions/9889669/error-importing-ssl-certificate-not-an-x-509-certificate/22028156#22028156
  24. When I will get HTTP 504 error using java HttpUrlConnection Class: https://stackoverflow.com/questions/21776176/when-i-will-get-http-504-error-using-java-httpurlconnection-class

See Also

HTTP | SSL | TLS | Security | SEO