Protocol Name | Release Time | Author | RFC |
---|---|---|---|
SSL 1.0 | N/A | Netscape | N/A |
SSL 2.0 | 1995 | Netscape | N/A |
SSL 3.0 | 1996 | Netscape | N/A |
TLS 1.0 | 1999/01 | IETF TLS Working Group | RFC 2246 |
TLS 1.1 | 2006/04 | IETF TLS Working Group | RFC 4346 |
TLS 1.2 | 2008/08 | IETF TLS Working Group | RFC 5246 |
TLS 1.3 | 2018/08 | IETF TLS Working Group | RFC 8446 |

Attack Name | Published Time | Affected Version | Paper |
---|---|---|---|
Bleichenbacher | 2003/09 | SSL 3.0 | Klima, Vlastimil, Ondrej Pokorný, and Tomáš Rosa. "Attacking RSA-based sessions in SSL/TLS." International Workshop on Cryptographic Hardware and Embedded Systems. Springer, Berlin, Heidelberg, 2003. |
BEAST | 2011/05 | SSL 3.0, TLS 1.0 | Rizzo, Juliano, and Thai Duong. "Here come the xor ninjas." In Ekoparty Security Conference, 2011. |
Lucky Thirteen | 2013/02 | SSL 3.0, TLS 1.0/1.1/1.2 | Al Fardan, Nadhem J., and Kenneth G. Paterson. "Lucky thirteen: Breaking the TLS and DTLS record protocols." 2013 IEEE Symposium on Security and Privacy. IEEE, 2013. |
POODLE | 2014/10 | SSL 3.0 | Möller, Bodo, Thai Duong, and Krzysztof Kotowicz. "This POODLE bites: exploiting the SSL 3.0 fallback." Security Advisory (2014). |
DROWN | 2016/08 | SSL 2.0 | Aviram, Nimrod, et al. "DROWN: Breaking TLS Using SSLv2." 25th USENIX Security Symposium (USENIX Security 16). 2016. |

Attack Name | Published Time | Paper |
---|---|---|
CRIME | 2012/09 | Rizzo, Juliano, and Thai Duong. "The CRIME attack." Ekoparty Security Conference. 2012. |
TIME | 2013/03 | Be’ery, Tal, and Amichai Shulman. "A perfect CRIME? only TIME will tell." Black Hat Europe 2013 (2013). |
BREACH | 2013/03 | Prado, A., N. Harris, and Y. Gluck. "The BREACH Attack." (2013). |

Implementation | Developed by | Written in |
---|---|---|
BoringSSL | | C, C++, Go, assembly |
Fizz | | C++ |
GnuTLS | GnuTLS Project | C |
LibreSSL | OpenBSD Project | C, assembly |
MatrixSSL | PeerSec Networks | C |
OpenSSL | OpenSSL Project | C, assembly |
S2n | Amazon | C |
wolfSSL | wolfSSL | C |

Abbreviation | Explanation |
---|---|
SSL | Secure Sockets Layer |
TLS | Transport Layer Security |
IETF | Internet Engineering Task Force |
POODLE | Padding Oracle On Downgrade Legacy Encryption |
DROWN | Decrypting RSA using Obsolete and Weakened eNcryption |
CRIME | Compression Ratio Info-leak Made Easy |
TIME | Timing Info-leak Made Easy |
BREACH | Browser Reconnaissance & Exfiltration via Adaptive Compression of Hypertext |
FREAK | Factoring RSA Export Keys |