As with marriage, SSL security success is in the details



Something old, something new, something borrowed, and something blue.

The year 2009 has been very interesting for SSL security. Several new and practical attacks were publicized, and fortunately, most were fixed within a relatively short period of time. The year began with an effective attack against MD5-based SSL certificates, technologically a very sophisticated attack and not one we’re likely to see in the wild now that MD5 certificates are being phased out. Then, at BlackHat 2009 in Las Vegas, Moxie Marlinspike talked about several attacks against SSL, including a very old issue that has recently become a problem.