The respective certificate determines how SSL and TLS work. It is essentially a handshake between the client accessing a server and the server. The server uses a certificate to authenticate itself to the client. It then sends to the server a random number encrypted using the server’s certificate. Alternatively, client and server use the Diffie-Hellman key exchange method. The client and server then calculate a key used to encode further communication.
SSL certificates are issued by official certificate authorities. There are three types of certificates, which meet different requirements:
With this certificate, the certificate authority checks the applicant’s right to use a specific domain name. DV-SSL certificates can be issued very quickly because the certificate authority does not require any additional company documents.
In addition to the applicant’s right to use a specific domain, the certificate authority also checks some additional company information. A website with an OV SSL certificate shows the user more information about the operator of the website, imparting a greater level of trust.
In this case, the organization submitting the application is thoroughly vetted. The Guidelines for Extended Validation, promulgated by the CA/Browser Forum in 2007, set out how the issuance process works. Among other things, companies seeking this certification must verify that the entity legally, materially, and operationally exists and has control over the domain.
With the advent of SSL, Netscape Communications responded to the need for secure data transmission between the Netscape web browser and the server it connects to.
In November of the same year, Netscape released SSL 2.0 which provided better security.
Microsoft responded to criticism of SSL with its own encryption protocol called Private Communication Technology (PCT).
SSL 3.0 was much more stable than its predecessors and no longer compatible with SSL 2.0.
TLS is an upgrade of SSL and has now become the encryption standard.
The first big update of TLS took place six years later.
TLS 1.2 met increased expectations in terms of security standards and modern browsers.
TLS 1.3 is more secure and better performing than its predecessors and represents the current official standard for transport encryption.
SSL/TLS has some vulnerabilities that can be exploited by attackers to prevent effective authentication and encryption. The places vulnerable to attacks include the following:
There are currently over 700 certificate authorities around the world authorized to issue SSL certificates. In addition, a large number of resellers and hosting providers offer related services, where companies have no influence on the choice of certificate authority. Although software makers carry out appropriate audits before accepting a certificate authority, there is still a risk that hackers will attack such an authority and create arbitrary certificates themselves.
Intelligence agencies and investigating authorities can exploit vulnerabilities with certificate authorities by using a valid certificate from another host to impersonate someone else.
By using special intermediate CA certificates, attackers have the ability to hack into encrypted connections and analyze their content.
Some certificate authorities also handle the generation of keys. This poses a security risk, because the private key must be generated on the user’s own computer.
If the private key is stolen without the owner of the certificate being aware of it, attackers can use it to decrypt encrypted data.
The POODLE attack is one of the known attacks on SSL. It is a type of man-in-the-middle attack in which attackers exploit the vulnerability of SSLv3. The hack causes script code to be executed on the victim’s computer. Hackers are then able to access sensitive information such as online banking login data.
Another known attack is the Heartbleed exploit. It uses a known security bug in the TLS heartbeat, where client and server send a payload packet back and forth to ensure that the connection is still ok. By tampering with the length field specified in the payload packet on the sender side, attackers are able to read remote data.