RIP SSLv3

Jun 30, 2015

The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.

The venerable “secure” network protocol Secure Sockets Layer (SSL) v3 has met its end. SSL has co-existed on the Internet alongside its presumed successor TLS for many years, even though experts have long warned of its shortcomings. A recent rash of high-profile incidents, however, including the famous POODLE exploit, have finally caused the Internet Engineering Task Force (IETF) to take action. Request for Comment (RFC) 7568 “Deprecating Secure Sockets Layer Version 3.0” officially states the requirement that SSLv3 should not be supported.

The RFC is unusually blunt, with its all-cap stipulation that “SSLv3 MUST NOT be used.” Although most systems today support the safer TLS, many provide fallback support for SSLv3 if an SSL connection is requested. Attackers have perfected the technique of requesting an SSL connection then use one of the many exploits associated with SSL. RFC 7568 states that “Any party receiving a Hello message with the version set to {3,00} MUST respond with a ‘protocol_version’ alert message and close the connection.”

Many OS and application vendors have already turned off support for SSLv3 through patches and security updates.  

Related content

  • Charly's Column: SSLScan

    If, like our author Charly, you manage SSL-secured servers, read on to discover a tool that you will definitely appreciate. It checks whether the complete security setup is up to date.

  • New TLS Attack Takes the S out of HTTPS

    Vulnerability affects many Linux web servers

  • Server Name Indication

    Server Name Indication lets you operate more than one SSL-protected service per IP address.

  • VoIP Security

    Eavesdropping on conversations on a LAN is easier than ever thanks to insecure VoIP installations. You don't need to bug restaurant booths or tap phone lines – standard Linux tools are all a hacker needs.

  • Socks 5

    Socks is a universal proxy protocol for TCP and UDP that allows internal hosts to securely pass the firewall and authenticates users. This article describes the latest version of the Socks proxy protocol and shows how to implement it.

comments powered by Disqus

Issue 198/2017

Buy this issue as a PDF

Digital Issue: Price $9.99
(incl. VAT)

News

njobs Europe
What:
Where:
Country:
Njobs Netherlands Njobs Deutschland Njobs United Kingdom Njobs Italia Njobs France Njobs Espana Njobs Poland
Njobs Austria Njobs Denmark Njobs Belgium Njobs Czech Republic Njobs Mexico Njobs India Njobs Colombia