HTTPS
From BC$ MobileTV Wiki
HyperText Transfer Protocol Secure (also known as HTTP + SSL and Secure Hypertext Transfer Protocol; commonly abbreviated https) is a transport-layer security mechanism, most commonly implemented with SSL or TLS encryption.
Resources
- generate_uaa_keypair.sh: https://gist.github.com/bijukunjummen/cd8db7b93b1cf347c3e87bb74d718ce2
Tutorials
- HTTPS Is Not Just TLS: https://lukasa.co.uk/2014/09/HTTPS_Is_Not_Just_TLS/
- The HTTP Series (Part 5) -- Security: https://dzone.com/articles/the-http-series-part-5-security
- Testing for SSL renegotiation: https://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html (SSL renegotiation is a DDoS vulnerability)
- Tips for Securing SSL Renegotiation: https://securingtomorrow.mcafee.com/technical-how-to/tips-securing-ssl-renegotiation/ [1]
- An HTTPS client and HTTPS server demo in Java: https://www.pixelstech.net/article/1445603357-A-HTTPS-client-and-HTTPS-server-demo-in-Java
- Android’s HTTP(S) Clients: https://android-developers.googleblog.com/2011/09/androids-http-clients.html [2]
- Security with HTTPS and SSL: https://developer.android.com/training/articles/security-ssl.html#java
- How to use java.net.URLConnection to fire and handle HTTP requests?: https://stackoverflow.com/questions/2793150/how-to-use-java-net-urlconnection-to-fire-and-handle-http-requests/32781880#32781880
- Subsequent HTTPS POST request in Java with cookies retained: https://stackoverflow.com/questions/32591295/subsequent-https-post-request-in-java-with-cookies-retained/32592521#32592521
- How to get HTTPS working on your local development environment in 5 minutes: https://medium.freecodecamp.org/how-to-get-https-working-on-your-local-development-environment-in-5-minutes-7af615770eec
- Quick & Easy HTTPS For Local Development (when you need to simulate LoadBalancer/Proxy): https://blog.codeship.com/quick-easy-https-for-local-development/
- HTTPS security best practices: https://advancedweb.hu/2018/08/21/https_security/
- X.509 client certificates with Spring Security: https://blog.codecentric.de/en/2018/08/x-509-client-certificates-with-spring-security/
- A simple post-HTTP-to-HTTPS SEO checklist: https://www.hashemian.com/blog/2017/09/simple-post-http-to-https-seo-checklist.htm
External Links
- wikipedia: HTTP Secure
- wikipedia: Secure Hypertext Transfer Protocol
- A Basic Understanding of Web Protocols -- HTTP and HTTPS: https://dzone.com/articles/easy-understanding-of-web-protocols-http-and-https
- Moving to HTTPS from HTTP -- How And Why You Need To Migrate: https://dzone.com/articles/safer-web-practices-with-https-website-https-from
- HTTPS crypto-shame -- TV Licensing website pulled offline: https://www.theregister.co.uk/2018/09/06/tv_licensing_https_fail/
- Let's Encrypt is Not a Really, Really, Really Bad Idea!: https://www.defenseagainstthedarkarts.com/lets-encrypt-is-not-a-really-really-really-bad-idea/
- Is it safe to use SSL SNI in production?: https://blog.layershift.com/sni-ssl-production-ready/
References
- [1] TLS computational DoS mitigation: https://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation
- [2] Possible switch from Apache Http Client to HttpUrlConnection: https://github.com/android-async-http/android-async-http/issues/75