• Category
      No categories were found that matched your criteria.
      • Manufacturer
        No manufacturers were found that matched your criteria.
      • Products
        No product/service was found that matched your criteria.
          • Knowledge
            No article were found that matched your criteria.
          Knowledge groups
          KB archive
          Knowledge Filters

          Transport Layer Security (TLS)

          Tuesday, August 6, 2019

          History of SSL/TLS

          SSL v2.0 and v3.0 published in 1995 and 1996 by Netscape respectively (Depricated in 2011, 2015, RFC7568)
          TLS v1.0 was an upgrade of SSL v3.0 published in 1999 by IETF RFC2246 (Depricating in 2020, RFC8996)
          TLS v1.1 was published in 2006 IETF RFC4346 (Depricating in 2020, RFC8996)
          TLS v1.2 was published in  2008 IETF RFC5246
          TLS v1.3 was published in 2018 IETF RFC8446 after 30 drafts

          WatchGuard survey dated Q3 2018, about 7% of Alexa Top 100,000 sites still support SSL2.0/3.0
          All SSL/TLS protocols have their share of flaws like all other technologies, and some of the well known attacks are

          BEAST (Browser Exploit Against SSL/TLS) on SSL 3.0 & TLS 1.0, published in 2011
          CRIME (Compression Ratio Info-leak Made Easy) on TLS compression, published in NIST CVE-2012-4929
          BREACH(Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext), published in NIST CVE-2013-3587
          POODLE (Padding Oracle On Downgraded Legacy Encryption) on SSL 3.0 interoperability, published in 2014
          HeartBleed on OpenSSL library extension, published in NIST CVE-2014-0160

           

          How TLS Works?

          TLS has two phases/protcols of communications, namely Handshake and Record.

          During handshaking, server and client will

          • Negotiate the protocol version
          • Select cryptographic algorithm/cipher suites
          • Authenticate each other by asymmetric cryptography
          • Agreed on a shared secret key used for symmetric encryption in the record phase

          In the record phase, bulk encryption takes place

          • All outgoing messages are encrypted with the shared secret key established earlier
          • Then the encrypted messages are transmited to the other side
          • They will be verified to see if there’s any modification during transmission or not
          • If not, the messages will be decrypted with the same symmetric secret key

           

          Source: https://en.wikipedia.org

          back to top
          Filters