Adam Sampson's tls bookmarks
https://bookmarks.offog.org/ats/tls
Adam Sampson
2016-10-14T17:08:26Z

Perspectives Project | Connect securely to https websites – Blog and info for the Perspectives project
https://perspectives-project.org/
2016-10-14T17:08:26Z
Certificate notary service -- the idea being both to detect forged (but valid) certificates, and to provide trust in self-signed certs.

titus - Totally Isolated TLS Unwrapping Server
https://www.opsmate.com/titus/
2016-02-28T14:54:02Z
This has some nice examples of good practice in privilege separation. (Pity it's written in C++!)

diafygi/acme-tiny
https://github.com/diafygi/acme-tiny
2015-12-31T00:19:55Z
A minimal ACME client (for LetsEncrypt). This actually works very well; much less finicky than the official client.

Mirage OS
http://openmirage.org/
2015-03-22T20:40:34Z
"Mirage OS is a library operating system that constructs unikernels for secure, high-performance network applications across a variety of cloud computing and mobile platforms." In OCaml. They've done some nice work around their safe TLS implementation.

SecurityEngineering/x509Certs - MozillaWiki
https://wiki.mozilla.org/SecurityEngineering/x509Certs
2014-08-26T19:44:16Z
With up-to-date instructions for running your own CA.

The SSL Co-operative
http://www.sslcoop.org/
2014-07-26T14:53:17Z
Attempting to establish a CA on the cooperative model.

Welcome — Botan
http://botan.randombit.net/
2014-04-28T14:03:36Z
C++ crypto library, with yet another TLS implementation.

miTLS - Home
http://www.mitls.org/wsgi/home
2014-04-28T13:40:41Z
A formally verified implementation of TLS. (Being written in F# means it's a bit impractical to use as a library, though...)

BetterCrypto⋅org
https://bettercrypto.org/
2014-04-28T12:37:44Z
Practical recommendations for TLS settings.

Diffie Hellman and TLS with nonsense parameters - Hanno's blog
http://blog.hboeck.de/archives/841-Diffie-Hellman-and-TLS-with-nonsense-parameters.html
2014-04-16T08:12:06Z
Apparently quite a lot of TLS implementations will happily accept 15 as a prime for DH key exchange. Presumably even if they were checking you could rely on the probabilistic test too...

Embedded in Academia : A New Development for Coverity and Heartbleed
http://blog.regehr.org/archives/1128
2014-04-14T06:49:21Z
What Coverity is doing to detect the Heartbleed problem (in short: treating n2hs-style functions as generating tainted results).