Links:

• https://casecurity.org/
• https://www.openssl.org/
• http://gnutls.org/
• http://www.trevp.net/tlslite/ GitHub
• http://www.bouncycastle.org/
• https://istlsfastyet.com/
• http://www.httpvshttps.com/
• http://dev.chromium.org/Home/chromium-security/education/tls
• http://chimera.labs.oreilly.com/books/1230000000545/ch04.html
• https://sslcheck.casecurity.org/en_US
• https://www.pcisecuritystandards.org/security_standards/
• https://www.eff.org/https-everywhere/deploying-https
• http://httpshaming.tumblr.com/
• https://github.com/craigfrancis/dev-security
• https://www.qualys.com
• CA/Browser Forum

SSL/TLS Test Tool:

• https://httpswatch.com/
• https://garron.net/crypto/hsts
• https://www.ssllabs.com/ssltest/index.html
• https://www.ssllabs.com/ssltest/viewMyClient.html
• https://www.wormly.com/test_ssl
• https://www.fairssl.dk/ssltest/
• http://sourceforge.net/projects/sslscan/
• https://cheapsslsecurity.com/ssltools/
• http://sha1affected.com/
• http://spdycheck.org/
• SSL Certificate Checker
• https://whatsmychaincert.com/

With wget : OpenSSL: error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

With curl : curl: (35) error:14077438:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert internal error

In wget, this can be fixed by specifying --secure-protocol=sslv3 option

In curl, this can be fixed by specifying -sslv3 option

wget --secure-protocol=sslv3 --no-check-certificate <URL>
curl -sslv3 -k <URL>

Recommendations for Secure Use of TLS and DTLS - http://datatracker.ietf.org/doc/draft-ietf-uta-tls-bcp/

https://m.facebook.com/notes/protect-the-graph/windows-ssl-interception-gone-wild/1570074729899339

---

SNI - http://wiki.apache.org/httpd/NameBasedSSLVHostsWithSNI

http://blog.cloudflare.com/announcing-keyless-ssl-all-the-benefits-of-cloudflare-without-having-to-turn-over-your-private-ssl-keys/

Related: Study_Security_EncryptionAlgorithm_SHA1 Study_HTTP_SPDY Study_Security_HTTP_HSTS

参考资料

[1]. https://wzyboy.im/post/799.html
[2]. http://www.xinotes.org/notes/note/1094/
[3]. https://help.ubuntu.com/10.04/serverguide/certificates-and-security.html
[4]. http://blog.roodo.com/rocksaying/archives/16158079.html
[5]. http://www.madboa.com/geek/openssl/
[6]. https://www.ssllabs.com/downloads/SSL_TLS_Deployment_Best_Practices_1.3.pdf