The future of SSL
Posted: Fri Jun 26, 2015 9:36 am
Recently we have released an update to our crypto library to add TLS support (1.0, 1.1, and 1.2). If anyone is using crypto currently, and is not looking at updating, well, it appears that the end is coming quickly for SSL.
Deprecating Secure Sockets Layer Version 3.0
If you're not aware, in RFCs, the word MUST is a reserved word, and means that implementations are required to carry out a specific behavior.
Abstract
The Secure Sockets Layer version 3.0 (SSLv3), as specified in RFC
6101, is not sufficiently secure. This document requires that SSLv3
not be used. The replacement versions, in particular, Transport
Layer Security (TLS) 1.2 (RFC 5246), are considerably more secure and
capable protocols.
This document updates the backward compatibility section of RFC 5246
and its predecessors to prohibit fallback to SSLv3.
...
3. Do Not Use SSL Version 3.0
SSLv3 MUST NOT be used. Negotiation of SSLv3 from any version of TLS
MUST NOT be permitted.
...
So, again, if you're using crypto, and are not currently using one of the new releases, I'd suggest working towards that end.
-Dan
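The "MUST NOT" rule quoted in the post, as an added example that is not part of the original post or of the crypto library it mentions: a check that reads the version field of a ClientHello or ServerHello and refuses the connection when it is {03,00}. The function names and the sample records are constructed for illustration, and the parser assumes TLS 1.0 to 1.2 style hello messages.

```python
import struct

HANDSHAKE = 22  # TLS record content type for handshake messages
HELLO_TYPES = {1: "ClientHello", 2: "ServerHello"}
VERSIONS = {(3, 0): "SSLv3", (3, 1): "TLS 1.0",
            (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}


class SSLv3Refused(Exception):
    """A hello message carried version {03,00}; close the connection."""


def hello_version(record: bytes):
    """Return (message name, version name) for a raw hello record."""
    if len(record) < 11:
        raise ValueError("too short to hold a hello message")
    # Record header: type, record-layer version (2 bytes), length.
    # The record-layer version is not the negotiated one, so it is
    # ignored; the version field inside the hello is what counts.
    ctype, _major, _minor, rec_len = struct.unpack("!BBBH", record[:5])
    if ctype != HANDSHAKE:
        raise ValueError("not a handshake record")
    body = record[5:5 + rec_len]
    if len(body) != rec_len or len(body) < 6:
        raise ValueError("truncated handshake record")
    if body[0] not in HELLO_TYPES:
        raise ValueError("handshake message is not a hello")
    # body[1:4] is the 3-byte handshake length; the version follows it.
    name = VERSIONS.get((body[4], body[5]))
    if name is None:
        raise ValueError("unrecognised protocol version")
    return HELLO_TYPES[body[0]], name


def enforce_no_sslv3(record: bytes) -> str:
    """Return the version name, or raise if the peer used SSLv3."""
    message, name = hello_version(record)
    if name == "SSLv3":
        raise SSLv3Refused(message + " uses SSLv3, refusing")
    return name


def make_hello(msg_type: int, version) -> bytes:
    """Constructed sample: a hello cut off after its 32-byte random."""
    body = (bytes([msg_type]) + (34).to_bytes(3, "big")
            + bytes(version) + bytes(32))
    return bytes([HANDSHAKE, 3, 1]) + struct.pack("!H", len(body)) + body
```

A caller that catches `SSLv3Refused` should close the connection rather than retry with a lower version, since the quoted text also prohibits fallback to SSLv3.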