SSL is cryptographic protocol for secure comunications. How does SSL work?
Client initiate a connection Server sends back un encrypted certificate Certificate contains server name, certificate authority, public key Client decrypt the certificate using the public key Client checks CA against his browser CA trusted list Client encrypts a secret number, using public key Server decrypt secret number Now both parts have the secret numberOpenSSL
Install & use on Linux flatmtn.com/article/setting-ssl-certificates-apache eclectica.ca///howto/ssl-cert-howto.php Install & use on Windows stackoverflow.com/questions/4221874/how-do-i-allow-https-for-apache-on-localhost tbs-certificates.co.uk/FAQ/en/openssl-windows.html#volet neilstuff.com/apache2-ssl-windows.html digicert.com/ssl.htm Heartbleed Bug (OpenSSL) engadget.com/2014/04/12/heartbleed-explained heartbleed.com/ digitaltrends.com/computing/the-heartbleed-bug-explained-by-a-web-comic-xkcd/#!bA6BzX When users are connecting to a server, the memory is recycled. A hacker may be able to make a request beyond the size of his request. Firesheep (Firefox add-on) codebutler.com/firesheep pcworld.com/article/208727/Firesheep_Brings_Hacking_to_the_Masses.html Is an add-on that demonstrate how big the problem is.