SSL/TLS Quick Reference
Everything you need day‑to‑day – handshake, cipher suites, certificates, and security.
SSL vs TLS
SSL (Secure Sockets Layer)
- Developed by Netscape (1994)
- SSL 1.0 – never released
- SSL 2.0 – insecure, deprecated (2011)
- SSL 3.0 – insecure (POODLE attack, 2014)
- All SSL versions are deprecated
- Do not use SSL – use TLS only
TLS (Transport Layer Security)
- Successor to SSL (1999)
- TLS 1.0 – deprecated (RFC 2246)
- TLS 1.1 – deprecated (RFC 4346)
- TLS 1.2 – widely used, still secure (RFC 5246)
- TLS 1.3 – latest, improved security/performance (RFC 8446)
- Use TLS 1.2 or TLS 1.3 only
TLS Versions Comparison
| Version | Year | Ciphers | Security | Status |
|---|---|---|---|---|
| TLS 1.0 | 1999 | CBC, RC4, 3DES | Weak (BEAST, POODLE) | Deprecated |
| TLS 1.1 | 2006 | CBC, 3DES | Weak (padding oracle) | Deprecated |
| TLS 1.2 | 2008 | GCM, CCM, CBC | Secure (with strong ciphers) | Recommended |
| TLS 1.3 | 2018 | GCM, ChaCha20, Poly1305 | Very Secure | Recommended (modern) |
TLS Handshake
TLS 1.2 Handshake (4 steps)
Client Server | | |--- ClientHello (ciphers, TLS version) -->| | | |<- ServerHello (cipher, cert, key, etc) --| | | |--- ClientKeyExchange (pre‑master secret)-| |--- ChangeCipherSpec -------------------->| |--- Finished ---------------------------->| | | |<- ChangeCipherSpec ----------------------| |<- Finished ------------------------------| | | | Secure tunnel established |
TLS 1.3 Handshake (faster, 1‑RTT)
Client Server | | |--- ClientHello (key share, ciphers) ------->| | | |<- ServerHello (key share, cert) ------------| |<- Finished ---------------------------------| | | |--- Finished --------------------------------| | | | Secure tunnel established (0‑RTT optional) |
Key Exchange Methods
- RSA – classic, used in TLS 1.2
- Diffie‑Hellman (DHE) – ephemeral, perfect forward secrecy
- Elliptic Curve Diffie‑Hellman (ECDHE) – efficient, PFS, recommended
- PSK – Pre‑Shared Key (IoT, embedded)
- TLS 1.3 – requires DHE or ECDHE (no static RSA)
Certificates (x.509)
Certificate Fields
- Subject – entity (CN, O, OU, L, ST, C)
- Issuer – CA that signed it
- Validity – not before / not after
- Public Key – RSA, ECC
- Signature – algorithm and CA signature
- Extensions – SAN, Key Usage, Basic Constraints
Certificate Types
- DV – Domain Validation (basic)
- OV – Organisation Validation (business)
- EV – Extended Validation (green bar)
- Wildcard – *.example.com (any subdomain)
- SAN – Subject Alternative Name (multiple domains)
- Self‑signed – not trusted, internal use
Certificate Chain
Root CA (trusted)
│
├── Intermediate CA 1
│ │
│ ├── Intermediate CA 2
│ │ │
│ │ └── Server Certificate (your domain)
│ │
│ └── Server Certificate
│
└── Intermediate CA 3
│
└── Server Certificate
OpenSSL Commands
# Generate private key (RSA 2048) openssl genrsa -out private.key 2048 # Generate CSR (Certificate Signing Request) openssl req -new -key private.key -out request.csr # Self‑signed certificate (dev testing) openssl req -x509 -new -nodes -key private.key -sha256 -days 365 -out certificate.crt # View certificate openssl x509 -in certificate.crt -text -noout # Verify certificate chain openssl verify -CAfile ca.crt certificate.crt # Convert PEM to PKCS12 (for Windows/Java) openssl pkcs12 -export -out certificate.pfx -inkey private.key -in certificate.crt -certfile ca.crt # Check SSL/TLS configuration of a server openssl s_client -connect example.com:443 -tls1_2 # Check with SNI openssl s_client -servername example.com -connect example.com:443
Nginx SSL Configuration (Modern)
server {
listen 443 ssl http2;
server_name example.com;
ssl_certificate /etc/ssl/certs/fullchain.pem;
ssl_certificate_key /etc/ssl/private/private.key;
# TLS versions (no SSL or TLS 1.0/1.1)
ssl_protocols TLSv1.2 TLSv1.3;
# Strong ciphers (TLS 1.2)
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305';
# Prefer server ciphers
ssl_prefer_server_ciphers off;
# DH parameter (2048+ bits)
ssl_dhparam /etc/ssl/certs/dhparam.pem;
# HSTS (HTTP Strict Transport Security)
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# OCSP stapling
ssl_stapling on;
ssl_stapling_verify on;
}
Apache SSL Configuration (Modern)
SSLEngine on SSLCertificateFile /etc/ssl/certs/fullchain.pem SSLCertificateKeyFile /etc/ssl/private/private.key # TLS versions SSLProtocol all -SSLv3 -TLSv1 -TLSv1.1 # Strong ciphers SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305 SSLHonorCipherOrder off # HSTS Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains"
Cipher Suites (TLS 1.2)
| Cipher Suite | Key Exchange | Authentication | Encryption | Hash | Security |
|---|---|---|---|---|---|
ECDHE-ECDSA-AES128-GCM-SHA256 |
ECDHE | ECDSA | AES128-GCM | SHA256 | Very Strong |
ECDHE-RSA-AES128-GCM-SHA256 |
ECDHE | RSA | AES128-GCM | SHA256 | Very Strong |
ECDHE-ECDSA-CHACHA20-POLY1305 |
ECDHE | ECDSA | ChaCha20-Poly1305 | SHA256 | Very Strong |
ECDHE-RSA-AES256-GCM-SHA384 |
ECDHE | RSA | AES256-GCM | SHA384 | Very Strong |
DHE-RSA-AES128-GCM-SHA256 |
DHE | RSA | AES128-GCM | SHA256 | Strong |
RSA-AES128-GCM-SHA256 |
RSA | RSA | AES128-GCM | SHA256 | Weak (no PFS) |
RSA-AES128-CBC-SHA |
RSA | RSA | AES128-CBC | SHA | Weak (deprecated) |
TLS 1.3 Cipher Suites
TLS_AES_128_GCM_SHA256– AES 128 GCMTLS_AES_256_GCM_SHA384– AES 256 GCMTLS_CHACHA20_POLY1305_SHA256– ChaCha20TLS_AES_128_CCM_SHA256– AES 128 CCM
Common Attacks & Mitigations
| Attack | Description | Mitigation |
|---|---|---|
| POODLE | SSLv3 CBC padding oracle | Disable SSLv3, use TLS 1.2+ |
| BEAST | TLS 1.0 CBC attack | Use TLS 1.2+, GCM ciphers |
| Heartbleed | OpenSSL heartbeat read overflow | Upgrade OpenSSL, revoke keys/certs |
| FREAK | Export‑grade cipher downgrade | Disable export ciphers |
| Logjam | DHE export‑grade downgrade | Use ECDHE, disable DHE_EXPORT |
| Sweet32 | 64‑bit block cipher (3DES) | Disable 3DES, use AES |
| DROWN | Cross‑protocol SSLv2 attack | Disable SSLv2, SSLv3 |
| Perfect Forward Secrecy (PFS) | Not an attack – lack of PFS | Use ECDHE or DHE |
Best Practices
- Use TLS 1.2 or TLS 1.3 – disable SSL and TLS 1.0/1.1
- Use strong ciphers – GCM/ChaCha20, avoid CBC (unless TLS 1.3)
- Enable Perfect Forward Secrecy – use ECDHE or DHE key exchange
- Use 2048‑bit RSA or ECDSA (P‑256, P‑384) – for certificates
- Enable HSTS – Strict‑Transport‑Security header
- Enable OCSP Stapling – improve certificate revocation checking
- Use strong DH parameters – 2048+ bits (or disable static DH)
- Monitor and rotate certificates – before expiration
- Use Let's Encrypt – free, automated certificates
- Test your configuration – with SSL Labs, testssl.sh
- Use Certificate Transparency – for domain validation
Testing Tools
- SSL Labs –
https://www.ssllabs.com/ssltest/ - testssl.sh – CLI tool:
./testssl.sh example.com - openssl s_client – manual testing
- nmap ssl‑enum – discover supported ciphers
- sslyze – Python SSL/TLS scanner
Test with testssl.sh
git clone https://github.com/drwetter/testssl.sh
cd testssl.sh
./testssl.sh https://example.com
# Check specific protocol
./testssl.sh --tls1_3 example.com
Certificates in Code (Java KeyStore)
# Generate Keystore with self‑signed cert keytool -genkey -alias mydomain -keyalg RSA -keysize 2048 -keystore keystore.jks -validity 365 # List Keystore contents keytool -list -v -keystore keystore.jks # Import certificate into truststore keytool -import -trustcacerts -alias mydomain -file certificate.crt -keystore truststore.jks
📌 Quick Reference
TLS versions: TLS 1.2 (secure), TLS 1.3 (recommended) – disable SSLv3, TLS 1.0, TLS 1.1
Handshake: ClientHello → ServerHello → KeyExchange → Finished
Key exchange: ECDHE (best, PFS), DHE (PFS), RSA (no PFS, deprecated)
Ciphers: AES‑GCM (TLS 1.2), ChaCha20‑Poly1305 (TLS 1.2/1.3)
Certificate: x.509, chain (root → intermediate → server), SAN for multiple domains
HSTS: Strict‑Transport‑Security header, enforce HTTPS
Attacks: POODLE (disable SSLv3), Heartbleed (update OpenSSL), Logjam (disable export ciphers)
Handshake: ClientHello → ServerHello → KeyExchange → Finished
Key exchange: ECDHE (best, PFS), DHE (PFS), RSA (no PFS, deprecated)
Ciphers: AES‑GCM (TLS 1.2), ChaCha20‑Poly1305 (TLS 1.2/1.3)
Certificate: x.509, chain (root → intermediate → server), SAN for multiple domains
HSTS: Strict‑Transport‑Security header, enforce HTTPS
Attacks: POODLE (disable SSLv3), Heartbleed (update OpenSSL), Logjam (disable export ciphers)