TLS for Applications
To make the Internet more secure, Transport Layer Security (TLS), the successor to Secure Sockets Layer (SSL), needs to be widely deployed by all kinds of applications across the Internet.
People are generally familiar with TLS from the “https” and lock icons seen in web browsers, but TLS can be used in so many other applications.
TLS is particularly critical now that the Internet Architecture Board (IAB) has stated the goal of making encryption the default across the Internet.
This page outlines some basic steps you can take to get started.
1. Understand the basics of TLS. To get started, you may want to view our “TLS Basics” page.
2. Choose the right TLS library for your application:
- OpenSSL is a popular TLS library used to develop secure applications. OpenSSL was started in 1998 with the purpose of developing a free general purpose encryption software library. OpenSSL is most commonly used for securing communications between web browsers and servers. It is the most widely used TLS encryption library. The OpenSSL library is dual-licensed under both an Apache style license and the BSD license.
- LibreSSL is a free TLS library from the OpenBSD foundation used to develop secure applications. It was started in 2014 in response to the Heartbleed bug found in OpenSSL. LibreSSL was started as a fork of OpenSSL version 1.0.1g. It aims to provide backwards compatibility with applications written using OpenSSL. OpenBSD is currently the only supported operating system, with future plans to support other POSIX based operating systems. LibreSSL is is dual-licensed under both an Apache style license and the BSD license.
- GnuTLS is a TLS library originally developed as part of the Free Software Foundation(FSF)‘s GNU project. In 2012 GnuTLS left the GNU project, but retained its name. GnuTLS is used primarily by software licensed under the FSF’s General Public License (GPL). GnuTLS is licensed under the Lesser General Public License (LGPL).
3. Learn about TLS support for specific protocols:
4. Understand why TLS is necessary:
5. Understand common attacks against encrypted communications:
- What can App developers learn from Heartbleed
- Heartbleed, LibreSSL and the Importance of Implementation Diversity
6. See how others are securing their applications using TLS:
7. Build the business case for your use of TLS (documents needed)
8. Keep up-to-date on the latest TLS news and activities:
News
Let’s Encrypt certificates for mail servers and DANE – Part 1 of 2
Let’s Encrypt Today
Diffie-Hellman Key Exchange Problems & Recommendations for Stronger Encryption
Last Week at LACNIC24 and LACNOG in Bogota, Columbia
Even more DANE/DNSSEC/TLS email testing from Go6lab
Resources
No post found!