TLS

要添加信任的根证书，将证书文件置于 /etc/ca-certificates/trust-source/，然后运行 update-ca-trust。^[1]

• openssl
• stunnel
• HTTPS

• mkcert: valid HTTPS certificates for localhost
• 牧码志：SSL证书生成方法^{已失效，存档}
• SSL通信详解 - 泥泞的沼泽^{已失效，存档}
• How's My SSL?
• Introducing CFSSL - CloudFlare's PKI toolkit | CloudFlare Blog
• Keyless SSL: The Nitty Gritty Technical Details, 图解SSL/TLS协议 - 阮一峰的网络日志
• jethrogb/ssltrace: ssltrace hooks an application's SSL libraries to record keying data of all SSL connections.
• Chris's Wiki: Some thoughts on ways of choosing what TLS ciphers to support
• TLS Certificate Optimization: Lazyloading for Legacy Browsers
• SSL: it’s hard to do right | The Recompiler: 回顾了 SSL/TLS 的一些重大的安全漏洞
• mozilla/cipherscan: A very simple way to find out which SSL ciphersuites are supported by a target.
• Introducing TLS 1.3
• veeti/manuale: A fully manual Let's Encrypt/ACME client
• SSL versus TLS: What is the difference?
• The Illustrated TLS 1.3 Connection: Every Byte Explained, The Illustrated QUIC Connection: Every Byte Explained

• sgallagher/sscg: Simple Signed Certificate Generator
• gojue/ecapture: capture SSL/TLS text content without CA cert using eBPF. supports Linux/Android x86_64/Aarch64.