HTTPS

HyperText Transfer Protocol Secure (also known as HTTP + SSL and Secure Hypertext Transfer Protocol; commonly abbreviated https) is a Transport-layer security mechanism, most commonly implementing SSL or TSL encryption mechanisms.

Resources

• generate_uaa_keypair.sh: https://gist.github.com/bijukunjummen/cd8db7b93b1cf347c3e87bb74d718ce2

Tutorials

• HTTPS Is Not Just TLS: https://lukasa.co.uk/2014/09/HTTPS_Is_Not_Just_TLS/
• The HTTP Series (Part 5) -- Security: https://dzone.com/articles/the-http-series-part-5-security
• Testing for SSL renegotiation: https://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html (SSL renegotation is a DDOS vulnerability)
• Tips for Securing SSL Renegotiation: https://securingtomorrow.mcafee.com/technical-how-to/tips-securing-ssl-renegotiation/^[1]
• How to get HTTPS working on your local development environment in 5 minutes: https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec
• Quick & Easy HTTPS For Local Development (when you need to simulate LoadBalancer/Proxy): https://blog.codeship.com/quick-easy-https-for-local-development/
• HTTPS security best practices: https://advancedweb.hu/2018/08/21/https_security/
• X.509 client certificates with Spring Security: https://blog.codecentric.de/en/2018/08/x-509-client-certificates-with-spring-security/

External Links

• wikipedia: HTTP Secure
• wikipedia: Secure Hypertext Transfer Protocol
• A Basic Understanding of Web Protocols -- HTTP and HTTPS: https://dzone.com/articles/easy-understanding-of-web-protocols-http-and-https
• HTTPS From HTTP -- How And Why You Need To Migrate: https://dzone.com/articles/safer-web-practices-with-https-website-https-from

References

1. ↑ TLS computational DoS mitigation: https://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation

See Also

HTTP | SSL | TLS | Security