Rule #2 of Zombie Protocol Land: The Double Tap

As a young security professional I’ve always been aware of SSL’s status as a legacy protocol. TLS was proposed as a replacement before I entered high school. For me it was little surprise that in mid-2014 a Padding Oracle On Downgraded Legacy Encryption vulnerability surfaced. Better known as POODLE, this vulnerability dealt a death blow to SSL, and it wasn’t long before TLS felt its sting. The removal of SSL from environments has been reluctantly accepted by most systems administrators. TLS, on the other hand, survived, now in the light and scrutiny of nervous security professionals. Businesses needed to know if TLS was strong enough to meet compliance needs and lower risk. Systems administrators wanted to know how hard a replacement would be to implement.

