Wednesday, September 21, 2011

SSL 2.0 broken

SSL/TLS encryption protocols have been broken. I had a feeling this was coming soon. Problem is Chrome and firefox currently only support TLS 1.0 along with over a million other websites like gmail and paypal. Versions 1.1 and 1.2 have existed since 2006 and 2008 but unfortunately most developers are slow to upgrade because everyone else is. It means using different code that might cause a problem later so I can understand the reluctance. Usually when a major weakness is found like this, major companies are quick to path. It's only when these holes are found that they are patched, typically.
This is really just to show you the nature of encryption and security in general on the net. It's a lot of back and forth.

No comments:

Post a Comment