SSL 3.0

Content
Warning! This technology is obsolete!

Last Updated Fri, 3 May 2019 19:45:00 -0400

SSL stands for Secure Sockets Layer and was originally created by Netscape. It is used for providing confidentiality, authenticity and integrity by establishing an encrypted link between a server and a client. This link ensures that all data passed between the web server and browsers remain private and integral. SSLv2 and SSLv3 are the 2 versions of this protocol (SSLv1 was never publicly released). After SSLv3, SSL was renamed to TLS. Those protocols are standardized and described by RFCs.



Attacks:
POODLE : The attack that killed off SSLv3.0. POODLE allows an attacker to force a SSLv3 connection and use weak configuration to break security. https://cryptodoneright.org/articles/cryptographic_protocols/ssl-3-vuln.html#poodle
BEAST : A vulnerability that can be exploited using browsers (HTTPS). A client side attack whose possible impacts include session hijacking. https://cryptodoneright.org/articles/cryptographic_protocols/ssl-3-vuln.html#beast
Logjam An easy to exploit vulnerability if weak configuration is used. This vulnerability affects all versions of SSL/TLS.
ROBOT A weakness in the RSA encryption standard known as PKCS#1v1.5 that can ultimately allow an attacker to learn a secured website’s private key in a relatively short amount of time. https://robotattack.org/