Carl Sue

Carl's Security Research Blog

Rule #2 of Zombie Protocol Land: The Double Tap

As a young security professional I’ve always been aware of SSL’s status as a legacy protocol. TLS was proposed as a replacement before I entered High School. For me it was little surprise that in mid 2014 a Padding Oracle On Downgraded Legacy Encryption vulnerability surfaced. Better known as POODLE, this vulnerability dealt a death blow to SSL, and it wasn’t long before TLS felt its sting. The removal of SSL from environments has been reluctantly accepted by most systems administrators. TLS on the other hand survived, now in the light and scrutiny of nervous security professionals. Businesses needed to know, if TLS was strong enough to meet compliance needs and lower risk. Systems administrators wanted to know, how hard a replacement is to implement.

Tunnel

Read more of this post

Follow

Get every new post delivered to your Inbox.