SSL TLS - secuguru/security-terms GitHub Wiki

SSL (Secure Sockets Layer) and TLS (Transport Layer Security) are cryptographic protocols designed to provide secure communication over a computer network. SSL was the original version, developed by Netscape, but has since been replaced by TLS due to several vulnerabilities. TLS is widely used today to secure communications for protocols like HTTPS, SMTP, FTPS, and others.

How SSL/TLS Works

  • Handshake: SSL/TLS begins with a handshake between a client (e.g., a web browser) and a server to agree on encryption parameters. This process includes authenticating the server’s identity using digital certificates, establishing encryption algorithms, and sharing keys securely.
  • Encryption: After the handshake, all data transmitted between the client and server is encrypted using symmetric encryption, ensuring confidentiality.
  • Integrity: SSL/TLS also ensures that the data hasn’t been altered during transit by using message authentication codes (MACs).
  • Authentication: The server is authenticated using digital certificates, typically issued by a Certificate Authority (CA). Optionally, the client may also be authenticated.

SSL/TLS Vulnerabilities

Over the years, several attacks have exploited weaknesses in SSL/TLS implementations:

  1. POODLE (Padding Oracle On Downgraded Legacy Encryption):
  • Issue: This vulnerability exploits the fact that some servers still support the outdated SSL 3.0 protocol. Attackers can force a connection downgrade to SSL 3.0, then exploit a weakness in the CBC (Cipher Block Chaining) mode of encryption.
  • Impact: By manipulating padding in encrypted messages, attackers can decrypt sensitive data like cookies.
  • Solution: Disable SSL 3.0 support and use only modern versions of TLS (TLS 1.2 or later).
  1. BEAST (Browser Exploit Against SSL/TLS):
  • Issue: BEAST exploits a vulnerability in TLS 1.0’s CBC mode encryption, specifically targeting the way it handles initialization vectors (IVs).
  • Impact: An attacker can perform a man-in-the-middle attack to decrypt HTTPS cookies, potentially stealing session information.
  • Solution: Upgrade to TLS 1.1 or later, which addresses this issue by randomizing the IV for each block of data.
  1. CRIME (Compression Ratio Info-leak Made Easy):
  • Issue: CRIME exploits vulnerabilities in SSL/TLS compression mechanisms. By compressing data before encryption, attackers can deduce the contents of encrypted traffic based on the size of the compressed response.
  • Impact: Sensitive information like cookies or authentication tokens can be exposed.
  • Solution: Disable SSL/TLS and HTTP compression.
  1. BREACH (Browser Reconnaissance and Exfiltration via Adaptive Compression of Hypertext):
  • Issue: BREACH is similar to CRIME but specifically targets HTTP compression. It exploits how compressed HTTP responses reveal information about the contents of encrypted data.
  • Impact: Attackers can extract sensitive information like session tokens from HTTPS traffic.
  • Solution: Mitigations include disabling HTTP compression, using randomized padding, or separating sensitive data from compressed content.
  1. HEARTBLEED:
  • Issue: HEARTBLEED is a vulnerability in the OpenSSL implementation of the TLS heartbeat extension. An attacker can send a specially crafted request that tricks the server into returning more data than intended, potentially exposing sensitive data stored in memory (such as private keys or session tokens).
  • Impact: Private information, including SSL certificates and encryption keys, could be leaked.
  • Solution: Upgrade to a patched version of OpenSSL that addresses this vulnerability and regenerate any potentially compromised keys or certificates.

Conclusion

SSL/TLS is crucial for secure communication, but as older versions and configurations become outdated, vulnerabilities like POODLE, BEAST, CRIME, BREACH, and HEARTBLEED have emerged, threatening security. The solution involves consistently updating protocols, disabling vulnerable configurations, and applying security patches to ensure that data transmission remains secure.