5. Agenda:
• What is SSL?
• Evolution from SSL to TLS
• TLS in a nutshell
• TLS 1.2 vs 1.3
• Handshake
• Resumption
• Forward secrecy
• 2 caveats in TLS 1.3
7. What is SSL?
➢ Secure Sockets Layer (SSL) is a method to secure and
encrypt sensitive information.
➢ HTTPS
➢ SSL v1.0, v2.0, v3.0
8. Vulnerabilities
• BEAST - 2011
• POODLE - 2014
Impact
• By exploiting this vulnerability, an attacker can gain access to things
like passwords and cookies, enabling them to access a user’s private
account data on a website.
9. Evolution from SSL to TLS
• Browsers and websites need to turn off SSLv3 and use more modern
security protocols as soon as possible, in order to avoid
compromising users’ private information.
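Added example (not part of the original slides): a small Python audit that reads nginx `ssl_protocols` and Apache `SSLProtocol` lines and reports any that still enable SSLv2/SSLv3. The sample config is constructed, and treating Apache's `all` shortcut as including SSLv3 is a conservative assumption.

```python
import re

TLS = ["TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]
LEGACY_SSL = {"SSLv2", "SSLv3"}   # the protocol generation the slide says to turn off
# Conservative assumption: Apache's "all" shortcut is treated as including SSLv3.
APACHE_ALL = {"SSLv3", *TLS}
DIRECTIVE = re.compile(r"^\s*(ssl_protocols|SSLProtocol)\s+([^;#]+)", re.I)


def enabled_protocols(directive, args):
    """Resolve one directive's arguments to the set of protocols it enables."""
    if directive.lower() == "ssl_protocols":      # nginx: plain allow-list
        return set(args)
    enabled = set()                                # Apache: tokens applied left to right
    for arg in args:
        sign = arg[0] if arg[0] in "+-" else ""
        name = arg.lstrip("+-")
        group = APACHE_ALL if name.lower() == "all" else {name}
        if sign == "-":
            enabled -= group
        elif sign == "+":
            enabled |= group
        else:                                      # bare token replaces what came before
            enabled = set(group)
    return enabled


def audit(config_text):
    """Return (line_no, directive, legacy protocols still enabled) per finding."""
    findings = []
    for no, line in enumerate(config_text.splitlines(), 1):
        m = DIRECTIVE.match(line)                  # commented-out lines do not match
        if not m:
            continue
        legacy = enabled_protocols(m.group(1), m.group(2).split()) & LEGACY_SSL
        if legacy:
            findings.append((no, m.group(1), sorted(legacy)))
    return findings


# Constructed sample, not taken from any real server.
SAMPLE = """\
ssl_protocols SSLv3 TLSv1 TLSv1.1 TLSv1.2;   # nginx, SSLv3 still on
ssl_protocols TLSv1.2 TLSv1.3;
SSLProtocol all -SSLv3
SSLProtocol all
# ssl_protocols SSLv2 SSLv3;
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```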
10. TLS in a Nutshell
• Developed by IETF in 1999
• Revised to TLS v1.1 in 2006
• Revised again to TLS v1.2 in 2008
• SSL v3.0 served as the basis for TLS 1.0, which is closely related to SSL 3.0 and is
sometimes referred to as "SSL 3.1"
• Algorithms used:
• Key Exchange: ECDHE-RSA, PSK, etc.
• Cipher: AES CBC
• Hashing: HMAC - MD5, SHA1
11. TLS in a Nutshell
• 3 properties offered by TLS connection:
• Private connection due to symmetric key encryption
• Authentication due to public key encryption
• Ensures integrity due to message integrity check