Transport Layer Protection Cheat Sheet

Introduction

Certificate recommendations covered by the cheat sheet:

- Use an Appropriate Certification Authority for the Application's User Base
- Use Strong Cryptographic Hashing Algorithms
- Carefully Consider the use of Wildcard Certificates
- Use CAA Records to Restrict Which CAs can Issue Certificates
- Consider the use of Extended Validation Certificates
- Consider the use of Client-Side Certificates

Differences between the SSL/TLS versions

SSL 3.0 added the following over SSL 2.0:

- Use of a full 128 bits of keying material even when using the Export cipher.
- Ability of the client and server to send chains of certificates, allowing organizations to use a certificate hierarchy more than two certificates deep.
- A generalized key exchange protocol, allowing Diffie-Hellman and Fortezza key exchanges as well as non-RSA certificates.
- Record compression and decompression.
- Ability to fall back to SSL 2.0 when a 2.0 client is encountered.

TLS 1.0 was an upgrade from SSL 3.0. The differences were not dramatic, but they are significant enough that SSL 3.0 and TLS 1.0 do not interoperate. Some of the major differences between SSL 3.0 and TLS 1.0 are:

- The MAC construction is different: SSL 3.0 uses a modification of an early HMAC draft.

TLS 1.1 differs from TLS 1.0 as follows:

- The implicit Initialization Vector (IV) is replaced with an explicit IV to protect against cipher block chaining (CBC) attacks.
- Handling of padding errors is changed to use the bad_record_mac alert rather than the decryption_failed alert, also to protect against CBC attacks.
- IANA registries are defined for protocol parameters.
- Premature closes no longer cause a session to be non-resumable.

Based on TLS 1.1, TLS 1.2 contains improved flexibility. According to the Wikipedia article (if this can be trusted), the main changes from TLS 1.1 are:

- The MD5/SHA-1 combination in the pseudorandom function (PRF) was replaced with SHA-256, with an option to use cipher-suite-specified PRFs.
- The MD5/SHA-1 combination in the Finished message hash was replaced with SHA-256, with an option to use cipher-suite-specific hash algorithms.
- The MD5/SHA-1 combination in the digitally-signed element was replaced with a single hash negotiated during the handshake; the default is SHA-1.
- Substantial cleanup of the client's and server's ability to specify which hash and signature algorithms they will accept.
- Expansion of support for authenticated encryption ciphers, used mainly for the Galois/Counter Mode (GCM) and CCM modes of the Advanced Encryption Standard (AES).
- The TLS Extensions definition and the AES cipher suites were merged in.
- Tighter checking of the EncryptedPreMasterSecret version.
- The verify_data length now depends on the cipher suite.
- The description of the Bleichenbacher/Klima attack defenses was cleaned up.
- Many of the requirements were tightened.
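The TLS 1.1 change from an implicit, chained IV to an explicit per-record IV is the one that defeats the chosen-plaintext CBC attack on the record layer (the attack later demonstrated as BEAST): when the IV of the next record is the last ciphertext block of the previous one, an attacker who sees the wire and can make the victim send a chosen block can confirm a guess at any earlier plaintext block. The Go program below is an added example, not code from the cheat sheet or from Wikipedia. It models both record layers with AES-CBC from the Go standard library and shows that the guess check works against the implicit IV and fails against a random one. The key, the sample HTTP record with its "Cookie" block, and the attacker's ability to inject a block are constructed for the demonstration; MAC and padding are left out so the mechanism stays visible.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

const blockSize = aes.BlockSize

func mustRandom(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

// recordLayer is a stripped-down model of the sender side of a CBC-protected
// TLS record layer (no MAC, no padding). With implicitIV=true the IV of each
// record is the last ciphertext block of the previous record, as in SSL 3.0
// and TLS 1.0; with implicitIV=false a fresh random IV is generated for each
// record and transmitted with it, as in TLS 1.1 and later.
type recordLayer struct {
	block      cipher.Block
	chain      []byte // last ciphertext block sent (the TLS 1.0 chaining state)
	implicitIV bool
}

func newRecordLayer(key []byte, implicitIV bool) *recordLayer {
	b, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	// The first record's IV comes from the key block; a random value stands in here.
	return &recordLayer{block: b, chain: mustRandom(blockSize), implicitIV: implicitIV}
}

// send encrypts one block-aligned record and returns the IV and ciphertext as
// they would appear on the wire.
func (r *recordLayer) send(plaintext []byte) (iv, ct []byte) {
	if len(plaintext)%blockSize != 0 {
		panic("record must be block aligned in this model")
	}
	if r.implicitIV {
		iv = append([]byte(nil), r.chain...)
	} else {
		iv = mustRandom(blockSize)
	}
	ct = make([]byte, len(plaintext))
	cipher.NewCBCEncrypter(r.block, iv).CryptBlocks(ct, plaintext)
	r.chain = append([]byte(nil), ct[len(ct)-blockSize:]...)
	return iv, ct
}

// attacker sees every ciphertext on the wire and can make the victim send a
// chosen plaintext block as the next record (constructed injection model).
type attacker struct {
	lastSeen []byte // last ciphertext block observed, i.e. the next implicit IV
}

func (a *attacker) observe(ct []byte) {
	a.lastSeen = append([]byte(nil), ct[len(ct)-blockSize:]...)
}

// testGuess checks guess G against the plaintext block encrypted as targetCT,
// whose preceding ciphertext block is targetPrev. The attacker injects
// P' = G xor C_{t-1} xor C_last; under the implicit IV the victim computes
// E(P' xor C_last) = E(G xor C_{t-1}), which equals C_t exactly when G == P_t.
func (a *attacker) testGuess(victim *recordLayer, guess, targetPrev, targetCT []byte) bool {
	crafted := make([]byte, blockSize)
	for i := range crafted {
		crafted[i] = guess[i] ^ targetPrev[i] ^ a.lastSeen[i]
	}
	_, ct := victim.send(crafted)
	a.observe(ct)
	return bytes.Equal(ct[:blockSize], targetCT)
}

// runAttack reports whether the correct guess and a wrong guess are confirmed.
// Expected: (true, false) with the implicit IV, (false, false) with a random IV.
func runAttack(implicitIV bool) (correctConfirmed, wrongConfirmed bool) {
	victim := newRecordLayer(mustRandom(16), implicitIV)
	atk := &attacker{}

	// Constructed sample record: the second 16-byte block carries the secret.
	secret := []byte("Cookie: sid=4242")
	_, ct := victim.send(append([]byte("GET / HTTP/1.1\r\n"), secret...))
	atk.observe(ct)
	targetPrev, targetCT := ct[:blockSize], ct[blockSize:2*blockSize]

	correctConfirmed = atk.testGuess(victim, secret, targetPrev, targetCT)
	wrongConfirmed = atk.testGuess(victim, []byte("Cookie: sid=0000"), targetPrev, targetCT)
	return correctConfirmed, wrongConfirmed
}

func main() {
	for _, implicit := range []bool{true, false} {
		ok, bad := runAttack(implicit)
		fmt.Printf("implicitIV=%-5v correct guess confirmed=%v, wrong guess confirmed=%v\n", implicit, ok, bad)
	}
}
```

With a real TLS 1.0 stack the attacker also has to arrange that the guessed block lands on a block boundary and that the victim actually sends attacker-chosen data, which is what made the practical attack depend on a browser-side injection vector; the record-layer weakness itself is exactly the predictable IV shown here. The matching TLS 1.1 change to a single bad_record_mac alert for padding and MAC failures addresses a different CBC problem, the padding oracle, and is not modelled by this program.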