Thursday, September 20, 2012

SSL and TLS - What do browsers use to encrypt?

I'll spare you all the gory details you can read on Wikipedia, but these are protocols used to encrypt data exchanged by browsers and web servers, keeping information private and unchanged. Secure Sockets Layer (SSL) has been through versions 1, 2, and 3. All by 1996! Transport Layer Security (TLS) was released as version 1.0 in 1999. (Also a !).

You may often see references to SSL3/TLS1.0 because "TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security."

TLS 1.1 was defined in 2006. TLS 1.2 was defined in 2008. As of 2012, IE9 appears to be the only major browser to support it.
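
The version negotiation behind the downgrade remark above is visible on the wire. The following is an added example, not from the original post: it reads the version a server selected in its ServerHello and compares it with what the client offered. The function names, the `minimum` policy floor and the sample records are constructed for illustration.

```python
import struct


# Wire values of the protocol versions named in the post.
VERSIONS = {0x0300: "SSL 3.0", 0x0301: "TLS 1.0", 0x0302: "TLS 1.1", 0x0303: "TLS 1.2"}


def server_hello_version(record: bytes) -> int:
    """Return the version the server selected in a ServerHello record."""
    if len(record) < 5:
        raise ValueError("truncated record header")
    content_type, _record_version, length = struct.unpack("!BHH", record[:5])
    if content_type != 0x16:  # 0x16 = handshake record
        raise ValueError("not a handshake record")
    body = record[5:5 + length]
    if len(body) != length or len(body) < 6:
        raise ValueError("truncated handshake message")
    if body[0] != 0x02:  # 0x02 = ServerHello
        raise ValueError("not a ServerHello")
    return struct.unpack("!H", body[4:6])[0]  # follows 1-byte type, 3-byte length


def check_negotiation(offered: int, record: bytes, minimum: int = 0x0301) -> str:
    """Classify the negotiated version against the client's offer (minimum is an assumed policy)."""
    chosen = server_hello_version(record)
    name = VERSIONS.get(chosen, f"unknown 0x{chosen:04x}")
    if chosen > offered:
        return f"invalid: server chose {name}, above the client's offer"
    if chosen < minimum:
        return f"reject: {name} is below the configured minimum"
    if chosen < offered:
        return f"downgraded: {name}"
    return f"ok: {name}"


def build_server_hello(version: int) -> bytes:
    """Constructed sample: minimal ServerHello with an all-zero random."""
    hello = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(hello).to_bytes(3, "big") + hello
    return b"\x16" + struct.pack("!HH", version, len(handshake)) + handshake


if __name__ == "__main__":
    for v in (0x0303, 0x0301, 0x0300):
        print(check_negotiation(0x0303, build_server_hello(v)))
```

A lower version in the ServerHello only shows what was negotiated; whether the server simply lacks support or the handshake was interfered with has to be established separately.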

In his great BlackHat 2010 presentation, Ivan Ristic presents statistics on server support for these protocols, discovered during surveying.



