brain initiation

2025-11-05 09:18:11 +01:00
commit 933aa8a985
191 changed files with 6203 additions and 0 deletions

10
20231019191039-ssl.org Normal file

@@ -0,0 +1,10 @@
:PROPERTIES:
:ID: 95c8982d-e104-43a2-9bb2-fd7e1c3204f2
:END:
#+title: SSL
Netscape developed the original SSL [[id:c9461f7b-7368-4b88-b90b-2d785fda2159][network]] [[id:bd5b34ba-aa98-4808-b97b-2376aa7b8866][protocols]], and Taher Elgamal, chief scientist at Netscape Communications from 1995 to 1998, has been described as the "father of SSL". SSL version 1.0 was never publicly released because of serious security flaws in the protocol. Version 2.0, after being released in February 1995 was quickly found to contain a number of security and usability flaws. It used the same cryptographic keys for message authentication and encryption. It had a weak MAC construction that used the MD5 hash function with a secret prefix, making it vulnerable to length extension attacks. It also provided no protection for either the opening handshake or an explicit message close, both of which meant man-in-the-middle attacks could go undetected. Moreover, SSL 2.0 assumed a single service and a fixed domain [[id:e28dfeaa-876b-4255-a25e-dcc0c909d08a][certificate]], conflicting with the widely used feature of virtual hosting in Web [[id:f2b1d5af-1a7d-47a5-95c8-4a85d558419e][server]], so most websites were effectively impaired from using SSL.
These flaws necessitated the complete redesign of the protocol to SSL version 3.0. Released in 1996, it was produced by Paul Kocher working with Netscape engineers Phil Karlton and Alan Freier, with a reference implementation by Christopher Allen and Tim Dierks of Certicom. Newer versions of SSL/[[id:872ee33b-8361-40c7-9d88-69b3afe5ade2][TLS]] are based on SSL 3.0. The 1996 draft of SSL 3.0 was published by IETF as a historical document in RFC 6101.
SSL 2.0 was deprecated in 2011 by RFC 6176. In 2014, SSL 3.0 was found to be vulnerable to the POODLE attack that affects all block ciphers in SSL; RC4, the only non-block cipher supported by SSL 3.0, is also feasibly broken as used in SSL 3.0.[ SSL 3.0 was deprecated in June 2015 by RFC 7568.
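Review bot: The last paragraph has a stray `[` in "is also feasibly broken as used in SSL 3.0.[ SSL 3.0 was deprecated", which looks like the remains of a stripped footnote marker; drop it so Org does not read it as the start of a bracketed link. In the same paragraph, "affects all block ciphers in SSL" would be more precise as the CBC-mode cipher suites of SSL 3.0, since POODLE is a padding-oracle attack on CBC. In the first paragraph, "after being released in February 1995 was quickly found" needs a comma after "1995".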