Internet taskforce officially cancels SSL 3.0 due to insecurity


SSL 3.0 is officially defunct and not secure enough to use, the Internet Engineering Task Force stated in a Request for Comments. Those who have not yet done so should switch to, for example, TLS 1.2, according to the IETF.

With the deprecation in the IETF's RFC 7568, ending the use of SSL 3.0 has become official policy of the Internet Engineering Task Force. That ending comes as no surprise: a draft of the announcement had already appeared. SSL 3.0 is no longer secure enough for use. “The replacement versions, especially Transport Layer Security 1.2, are much more secure and capable,” the task force wrote.

Most companies and organizations have already stopped using SSL 3.0. Now that retiring it is official IETF policy, the last users must also say goodbye to the protocol. SSLv3 was the completely rewritten successor to version 2, whose encryption was not strong enough in 1996. Incidentally, the SSL 3.0 protocol was only officially specified by the IETF in a ‘historical document’ in 2011.

SSL 3.0 has been considered obsolete for years, but continued to be widely used. The death knell for the protocol came in October last year, with the discovery of the POODLE vulnerability. This weakness was not in a specific SSL implementation, but in the underlying protocol.
