HSC
Network Security Consulting Agency Since 1989 - Specialized in Unix, Windows, TCP/IP and Internet
Text mode: access to the page content
Hervé Schauer Consultants
You are here: Home > Resources > Lectures > TLS security, wishful thinking ?
Go to: HSC Trainings
Télécharger le catalogue des formations
Search:  
Version française
   Services   
o Skills & Expertise
o Consulting
o ISO 27001 services
o Audit & Assessment
o Penetration tests
o Vunerability assessment (TSAR)
o Forensics
o ARJEL
o Training courses
o E-learning
   Conferences   
o Agenda
o Past events
o Tutorials
   Resources   
o Thematic index
o Tips
o Lectures
o Courses
o Articles
o Tools (download)
o Vulnerability watch
   Company   
o Hervé Schauer
o Team
o Job opportunities
o Credentials
o History
o Partnerships
o Associations
   Press and
 communication
 
 
o HSC Newsletter
o Bulletin juridique HSC
o Press review
o Press releases
o Publications
   Contacts   
o How to reach us
o Specific inquiries
o Directions to our office
o Hotels near our office
|>|TLS security, wishful thinking ?  
> Access to the content HTML Beginning of the presentation
PDF PDF version [468]  
> Description SSL protocol, now know as TLS is one of the most frequently encountered cryptographic protocol. Security services it is expected to provide are supposed to protect financial informations from criminal eyes, privacy from undesirable inquiries and even sometime political activist life. A lot has been written on TLS security , from the most pessimistic view to naive optimism. Doubt regarding TLS security is not with basis: first, a string of vulnerabilities have been published regarding the protocol and available cryptographic suites, second attacks on certification authorities are raising serious questions on the reliability of the centralised certification model, thirth implementation and their use are often faulty, particularly in the new domain formed by mobile devices. The goal of this presentation is to look at the threat model, demonstrate that TLS is still a viable option in most cases, but also a call to arms to provide developpers a proper API to implement TLS calls with.  
> Context & Dates Talk presented during JSSI 2014, on 17 March 2014.
 
> Author Christophe Renard (Christophe.Renard@hsc.fr)  
> Type [ French - HTML ]  
> Abstract &
Table of content
Flyleaf
img00.png
img01.png
img02.png
img03.png
img04.png
img05.png
img06.png
img07.png
img08.png
img09.png
img10.png
img11.png
img12.png
img13.png
img14.png
img15.png
img16.png
img17.png
img18.png
img19.png
img20.png
img21.png
img22.png
img23.png
img24.png
img25.png
img26.png
img27.png
img28.png
img29.png
img30.png
img31.png
img32.png
img33.png
img34.png
img35.png
img36.png
img37.png
img38.png
img39.png
img40.png
img41.png
img42.png
img43.png
img44.png
img45.png
img46.png
img47.png
img48.png
img49.png
img50.png
img51.png
img52.png
img53.png
img54.png
img55.png
img56.png
img57.png
img58.png  
> Related documents
themeSSL (Secure Socket Layer)
[Course]  Data Exchanges Security: IPsec, SSL, SSH
[Presentation]  Tunnels detection at network border [2 June 2006 - French]
[Article]  Détection de tunnels aux limites du périmètre [2 June 2006 - French]
[Presentation]  Firewalls are not dead [10 May 2005 - French]
[Presentation]  SSL VPN connection multiplexing techniques [7 April 2005 - English]
[Presentation]  SSLtunnel for Windows [22 September 2004 - French]
[Tip]  FTP over SSL [2 August 2004 - ]
[Presentation]  SSLTunnel : VPN for roadwarriors [4 February 2004 - French]
[Tool]  SSLTunnel tool [PPP VPN on SSL - English]
[Tip]  HTTP/HTTPS authentication methods [10 March 2003 - French]
[Presentation]  OpenSSL and applications of OpenSSL [6 November 2002 - French]
[Presentation]  Monkey in the Middle Attacks against SSH and HTTPS [23 January 2002 - French]
[Tip]  Apache: Virtual hosts and SSL (mod_ssl) [21 December 2001 - French]
[Tip]  Using OpenSSL for SSL/TLS applications [21 December 2001 - French]
[Tip]  Why HTTPS is not web security [7 May 2001 - English]
[Presentation]  Monkey in the middle attacks against SSH and HTTPS [6 February 2001 - French]
[Tip]  Instaling postfix with TLS (secure mail server) [30 November 2000 - French]
[Presentation]  Network encryption: IPsec, SSL, SSH [26 September 2000 - English]
[Presentation]  SMTP-TLS: Towards securing SMTP [11 September 2000 - French]
[Presentation]  Network Encryption: IPsec, SSL, SSH [26 April 2000 - French/English]
[Presentation]  Network Security with Linux: SSL, IPsec, SSH [1 February 2000 - French]
[Presentation]  Secure Socket Layer (SSL) [22 April 1997 - French]
themeCryptography
[Course]  Understanding PKI
[Course]  Data Exchanges Security: IPsec, SSL, SSH
[Presentation]  [7 February 2014 - French]
[Presentation]  Analysis of the encryption structures provided by BitLocker [3 April 2012 - French]
[Course]  Understanding PKI [4 April 2003 - French]
[Course]  Introduction to cryptography [9 February 2001 - French]
[Article]  Random Numbers Generators [February 2000 - French]
[Presentation]  Overview of encryption tools and their use [25 November 1999 - French]
[Techno-watch]  Analyse du produit Security Box Classic [18 March 1999 - French]
[Techno-watch]  Point de vue de la DISSI : les lois françaises sur le chiffrement [3 July 1995 - French]
themeOpenSSL
[Tool]  SSLTunnel tool [PPP VPN on SSL - English]
[Presentation]  OpenSSL and applications of OpenSSL [6 November 2002 - French]
[Tip]  X509 certificats revocation [14 June 2002 - French]
[Tip]  Using OpenSSL for SSL/TLS applications [21 December 2001 - French]
> Copyright © 2014, Hervé Schauer Consultants, all rights reserved.

 

Last modified on 6 May 2014 at 16:22:23 CET - webmaster@hsc.fr
Information on this server - © 1989-2013 Hervé Schauer Consultants