Attacking Secure Sockets Layer (SSL)
SSL and its successor, Transport Layer Security (TLS), are cryptographic protocols used to provide secure communications across the internet. These protocols have been widely used in secure applications such as internet messaging and e-mail, web browsing, and VoiceoverIP (VoIP).
These protocols are ubiquitous across the internet; however, they originated in the mid 1990s and are increasingly coming under attack as they age. SSL Version 2.0 (Version 1.0 was never publicly released) contains a significant number of flaws that can be exploited, such as poor key control and a weakness to man-in-the middle attacks. With the new attacks such as BEAST, POODLE, CRIME, Logjam, DROWN, and BREACH, the SSL Version 3.0 has recently been flawed indubitably. Although most users have implemented newer versions of TLS, misconfigured systems may still permit the use of the earlier insecure version.
Weaknesses and vulnerabilities in the SSL protocol
The two primary security...
