RIP SSLv3

Jun 30, 2015

The Internet community officially banishes the notoriously unsafe Secure Sockets Layer protocol.

The venerable “secure” network protocol Secure Sockets Layer (SSL) v3 has met its end. SSL has co-existed on the Internet alongside its presumed successor TLS for many years, even though experts have long warned of its shortcomings. A recent rash of high-profile incidents, however, including the famous POODLE exploit, have finally caused the Internet Engineering Task Force (IETF) to take action. Request for Comment (RFC) 7568 “Deprecating Secure Sockets Layer Version 3.0” officially states the requirement that SSLv3 should not be supported.

The RFC is unusually blunt, with its all-cap stipulation that “SSLv3 MUST NOT be used.” Although most systems today support the safer TLS, many provide fallback support for SSLv3 if an SSL connection is requested. Attackers have perfected the technique of requesting an SSL connection then use one of the many exploits associated with SSL. RFC 7568 states that “Any party receiving a Hello message with the version set to {3,00} MUST respond with a ‘protocol_version’ alert message and close the connection.”

Many OS and application vendors have already turned off support for SSLv3 through patches and security updates.  

Related content

  • NEWS

    Updates on technologies, trends, and tools

  • Charly's Column: SSLScan

    If, like our author Charly, you manage SSL-secured servers, read on to discover a tool that you will definitely appreciate. It checks whether the complete security setup is up to date.

  • New TLS Attack Takes the S out of HTTPS

    Vulnerability affects many Linux web servers

  • Server Name Indication

    Server Name Indication lets you operate more than one SSL-protected service per IP address.

  • VoIP Security

    Eavesdropping on conversations on a LAN is easier than ever thanks to insecure VoIP installations. You don't need to bug restaurant booths or tap phone lines – standard Linux tools are all a hacker needs.

comments powered by Disqus
Subscribe to our Linux Newsletters
Find Linux and Open Source Jobs
Subscribe to our ADMIN Newsletters

Support Our Work

Linux Magazine content is made possible with support from readers like you. Please consider contributing when you’ve found an article to be beneficial.

Learn More

News