How is TLS 1.0 broken? All I could find is BEAST, but that seems to be mitigated... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

josho on Jan 9, 2014 | parent | context | favorite | on: How's my SSL?

How is TLS 1.0 broken? All I could find is BEAST, but that seems to be mitigated by client patches.

Interestingly Wkikipedia says that TLS 1.1 and 1.2 only have about 25% adoption on servers. Which is shocking if in fact TLS 1.0 is truly broken.

tptacek on Jan 9, 2014 [–]

TLS 1.0 uses chained IVs, which is a protocol flaw. It also has an explicit protocol alert for decryption failures, which makes error oracle attacks simpler. TLS 1.0 is broken. It isn't catastrophically broken so far as we know now, but nobody should be deliberately preferring it.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact