Overview:
SSL stands for Secure Sockets Layer and was originally created by Netscape. It is used for providing confidentiality, authenticity and integrity by establishing an encrypted link between a server and a client. This link ensures that all data passed between the web server and browsers remain private and integral. SSLv2 and SSLv3 are the 2 versions of this protocol (SSLv1 was never publicly released). After SSLv3, SSL was renamed to TLS. Those protocols are standardized and described by RFCs.
Developer's QuickStartFor more details check the FAQ for this algorithm.
Attacks:
- POODLE : The attack that killed off SSLv3.0. POODLE allows an attacker to force a SSLv3 connection and use weak configuration to break security. https://cryptodoneright.org/articles/cryptographic_protocols/ssl-3-vuln.html#poodle
- BEAST : A vulnerability that can be exploited using browsers (HTTPS). A client side attack whose possible impacts include session hijacking. https://cryptodoneright.org/articles/cryptographic_protocols/ssl-3-vuln.html#beast
- Logjam An easy to exploit vulnerability if weak configuration is used. This vulnerability affects all versions of SSL/TLS.
- ROBOT A weakness in the RSA encryption standard known as PKCS#1v1.5 that can ultimately allow an attacker to learn a secured website’s private key in a relatively short amount of time. https://robotattack.org/