CINXE.COM

<!DOCTYPE html> <html class="client-nojs vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available" lang="en" dir="ltr"> <head> <meta charset="UTF-8"> <title>Transport Layer Security - Wikipedia</title> <script>(function(){var className="client-js vector-feature-language-in-header-enabled vector-feature-language-in-main-page-header-disabled vector-feature-sticky-header-disabled vector-feature-page-tools-pinned-disabled vector-feature-toc-pinned-clientpref-1 vector-feature-main-menu-pinned-disabled vector-feature-limited-width-clientpref-1 vector-feature-limited-width-content-enabled vector-feature-custom-font-size-clientpref-1 vector-feature-appearance-pinned-clientpref-1 vector-feature-night-mode-enabled skin-theme-clientpref-day vector-toc-available";var cookie=document.cookie.match(/(?:^|; )enwikimwclientpreferences=([^;]+)/);if(cookie){cookie[1].split('%2C').forEach(function(pref){className=className.replace(new RegExp('(^| )'+pref.replace(/-clientpref-\w+$|[^\w-]+/g,'')+'-clientpref-\\w+( |$)'),'$1'+pref+'$2');});}document.documentElement.className=className;}());RLCONF={"wgBreakFrames":false,"wgSeparatorTransformTable":["",""],"wgDigitTransformTable":["",""],"wgDefaultDateFormat":"dmy", "wgMonthNames":["","January","February","March","April","May","June","July","August","September","October","November","December"],"wgRequestId":"64d047b0-e716-439a-a39a-93a10dbea101","wgCanonicalNamespace":"","wgCanonicalSpecialPageName":false,"wgNamespaceNumber":0,"wgPageName":"Transport_Layer_Security","wgTitle":"Transport Layer Security","wgCurRevisionId":1257548947,"wgRevisionId":1257548947,"wgArticleId":187813,"wgIsArticle":true,"wgIsRedirect":false,"wgAction":"view","wgUserName":null,"wgUserGroups":["*"],"wgCategories":["CS1 maint: archived copy as title","CS1 maint: unfit URL","Articles with short description","Short description matches Wikidata","Articles containing potentially dated statements from April 2016","All articles containing potentially dated statements","Webarchive template wayback links","All articles with unsourced statements","Articles with unsourced statements from February 2015","Articles containing potentially dated statements from July 2021", "Articles containing potentially dated statements from August 2019","Articles with unsourced statements from February 2019","Commons category link is locally defined","Internet properties established in 1999","Transport Layer Security","Cryptographic protocols","Presentation layer protocols"],"wgPageViewLanguage":"en","wgPageContentLanguage":"en","wgPageContentModel":"wikitext","wgRelevantPageName":"Transport_Layer_Security","wgRelevantArticleId":187813,"wgIsProbablyEditable":true,"wgRelevantPageIsProbablyEditable":true,"wgRestrictionEdit":[],"wgRestrictionMove":[],"wgNoticeProject":"wikipedia","wgCiteReferencePreviewsActive":false,"wgFlaggedRevsParams":{"tags":{"status":{"levels":1}}},"wgMediaViewerOnClick":true,"wgMediaViewerEnabledByDefault":true,"wgPopupsFlags":0,"wgVisualEditor":{"pageLanguageCode":"en","pageLanguageDir":"ltr","pageVariantFallbacks":"en"},"wgMFDisplayWikibaseDescriptions":{"search":true,"watchlist":true,"tagline":false,"nearby":true}, "wgWMESchemaEditAttemptStepOversample":false,"wgWMEPageLength":200000,"wgRelatedArticlesCompat":[],"wgCentralAuthMobileDomain":false,"wgEditSubmitButtonLabelPublish":true,"wgULSPosition":"interlanguage","wgULSisCompactLinksEnabled":false,"wgVector2022LanguageInHeader":true,"wgULSisLanguageSelectorEmpty":false,"wgWikibaseItemId":"Q206494","wgCheckUserClientHintsHeadersJsApi":["brands","architecture","bitness","fullVersionList","mobile","model","platform","platformVersion"],"GEHomepageSuggestedEditsEnableTopics":true,"wgGETopicsMatchModeEnabled":false,"wgGEStructuredTaskRejectionReasonTextInputEnabled":false,"wgGELevelingUpEnabledForUser":false};RLSTATE={"ext.globalCssJs.user.styles":"ready","site.styles":"ready","user.styles":"ready","ext.globalCssJs.user":"ready","user":"ready","user.options":"loading","ext.cite.styles":"ready","skins.vector.search.codex.styles":"ready","skins.vector.styles":"ready","skins.vector.icons":"ready","jquery.tablesorter.styles":"ready", "jquery.makeCollapsible.styles":"ready","ext.wikimediamessages.styles":"ready","ext.visualEditor.desktopArticleTarget.noscript":"ready","ext.uls.interlanguage":"ready","wikibase.client.init":"ready","ext.wikimediaBadges":"ready"};RLPAGEMODULES=["ext.cite.ux-enhancements","mediawiki.page.media","ext.scribunto.logs","site","mediawiki.page.ready","jquery.tablesorter","jquery.makeCollapsible","mediawiki.toc","skins.vector.js","ext.centralNotice.geoIP","ext.centralNotice.startUp","ext.gadget.ReferenceTooltips","ext.gadget.switcher","ext.urlShortener.toolbar","ext.centralauth.centralautologin","mmv.bootstrap","ext.popups","ext.visualEditor.desktopArticleTarget.init","ext.visualEditor.targetLoader","ext.echo.centralauth","ext.eventLogging","ext.wikimediaEvents","ext.navigationTiming","ext.uls.interface","ext.cx.eventlogging.campaigns","ext.cx.uls.quick.actions","wikibase.client.vector-2022","ext.checkUser.clientHints","ext.growthExperiments.SuggestedEditSession","wikibase.sidebar.tracking"];</script> <script>(RLQ=window.RLQ||[]).push(function(){mw.loader.impl(function(){return["user.options@12s5i",function($,jQuery,require,module){mw.user.tokens.set({"patrolToken":"+\\","watchToken":"+\\","csrfToken":"+\\"}); }];});});</script> <link rel="stylesheet" href="/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cjquery.makeCollapsible.styles%7Cjquery.tablesorter.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022"> <script async="" src="/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022"></script> <meta name="ResourceLoaderDynamicStyles" content=""> <link rel="stylesheet" href="/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022"> <meta name="generator" content="MediaWiki 1.44.0-wmf.4"> <meta name="referrer" content="origin"> <meta name="referrer" content="origin-when-cross-origin"> <meta name="robots" content="max-image-preview:standard"> <meta name="format-detection" content="telephone=no"> <meta name="viewport" content="width=1120"> <meta property="og:title" content="Transport Layer Security - Wikipedia"> <meta property="og:type" content="website"> <link rel="preconnect" href="//upload.wikimedia.org"> <link rel="alternate" media="only screen and (max-width: 640px)" href="//en.m.wikipedia.org/wiki/Transport_Layer_Security"> <link rel="alternate" type="application/x-wiki" title="Edit this page" href="/w/index.php?title=Transport_Layer_Security&action=edit"> <link rel="apple-touch-icon" href="/static/apple-touch/wikipedia.png"> <link rel="icon" href="/static/favicon/wikipedia.ico"> <link rel="search" type="application/opensearchdescription+xml" href="/w/rest.php/v1/search" title="Wikipedia (en)"> <link rel="EditURI" type="application/rsd+xml" href="//en.wikipedia.org/w/api.php?action=rsd"> <link rel="canonical" href="https://en.wikipedia.org/wiki/Transport_Layer_Security"> <link rel="license" href="https://creativecommons.org/licenses/by-sa/4.0/deed.en"> <link rel="alternate" type="application/atom+xml" title="Wikipedia Atom feed" href="/w/index.php?title=Special:RecentChanges&feed=atom"> <link rel="dns-prefetch" href="//meta.wikimedia.org" /> <link rel="dns-prefetch" href="//login.wikimedia.org"> </head> <body class="skin--responsive skin-vector skin-vector-search-vue mediawiki ltr sitedir-ltr mw-hide-empty-elt ns-0 ns-subject mw-editable page-Transport_Layer_Security rootpage-Transport_Layer_Security skin-vector-2022 action-view"><a class="mw-jump-link" href="#bodyContent">Jump to content</a> <div class="vector-header-container"> <header class="vector-header mw-header"> <div class="vector-header-start"> <nav class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-dropdown" class="vector-dropdown vector-main-menu-dropdown vector-button-flush-left vector-button-flush-right" > <input type="checkbox" id="vector-main-menu-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-main-menu-dropdown" class="vector-dropdown-checkbox " aria-label="Main menu" > <label id="vector-main-menu-dropdown-label" for="vector-main-menu-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Main menu </label> <div class="vector-dropdown-content"> <div id="vector-main-menu-unpinned-container" class="vector-unpinned-container"> <div id="vector-main-menu" class="vector-main-menu vector-pinnable-element"> <div class="vector-pinnable-header vector-main-menu-pinnable-header vector-pinnable-header-unpinned" data-feature-name="main-menu-pinned" data-pinnable-element-id="vector-main-menu" data-pinned-container-id="vector-main-menu-pinned-container" data-unpinned-container-id="vector-main-menu-unpinned-container" > <div class="vector-pinnable-header-label">Main menu</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-main-menu.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-main-menu.unpin">hide</button> </div> <div id="p-navigation" class="vector-menu mw-portlet mw-portlet-navigation" > <div class="vector-menu-heading"> Navigation </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-mainpage-description" class="mw-list-item"><a href="/wiki/Main_Page" title="Visit the main page [z]" accesskey="z">Main page</a></li><li id="n-contents" class="mw-list-item"><a href="/wiki/Wikipedia:Contents" title="Guides to browsing Wikipedia">Contents</a></li><li id="n-currentevents" class="mw-list-item"><a href="/wiki/Portal:Current_events" title="Articles related to current events">Current events</a></li><li id="n-randompage" class="mw-list-item"><a href="/wiki/Special:Random" title="Visit a randomly selected article [x]" accesskey="x">Random article</a></li><li id="n-aboutsite" class="mw-list-item"><a href="/wiki/Wikipedia:About" title="Learn about Wikipedia and how it works">About Wikipedia</a></li><li id="n-contactpage" class="mw-list-item"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us" title="How to contact Wikipedia">Contact us</a></li> </ul> </div> </div> <div id="p-interaction" class="vector-menu mw-portlet mw-portlet-interaction" > <div class="vector-menu-heading"> Contribute </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="n-help" class="mw-list-item"><a href="/wiki/Help:Contents" title="Guidance on how to use and edit Wikipedia">Help</a></li><li id="n-introduction" class="mw-list-item"><a href="/wiki/Help:Introduction" title="Learn how to edit Wikipedia">Learn to edit</a></li><li id="n-portal" class="mw-list-item"><a href="/wiki/Wikipedia:Community_portal" title="The hub for editors">Community portal</a></li><li id="n-recentchanges" class="mw-list-item"><a href="/wiki/Special:RecentChanges" title="A list of recent changes to Wikipedia [r]" accesskey="r">Recent changes</a></li><li id="n-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_upload_wizard" title="Add images or other media for use on Wikipedia">Upload file</a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> <a href="/wiki/Main_Page" class="mw-logo"> <img class="mw-logo-icon" src="/static/images/icons/wikipedia.png" alt="" aria-hidden="true" height="50" width="50"> <img class="mw-logo-wordmark" alt="Wikipedia" src="/static/images/mobile/copyright/wikipedia-wordmark-en.svg" style="width: 7.5em; height: 1.125em;"> <img class="mw-logo-tagline" alt="The Free Encyclopedia" src="/static/images/mobile/copyright/wikipedia-tagline-en.svg" width="117" height="13" style="width: 7.3125em; height: 0.8125em;"> </a> </div> <div class="vector-header-end"> <div id="p-search" role="search" class="vector-search-box-vue vector-search-box-collapses vector-search-box-show-thumbnail vector-search-box-auto-expand-width vector-search-box"> <a href="/wiki/Special:Search" class="cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only search-toggle" title="Search Wikipedia [f]" accesskey="f"> Search </a> <div class="vector-typeahead-search-container"> <div class="cdx-typeahead-search cdx-typeahead-search--show-thumbnail cdx-typeahead-search--auto-expand-width"> <form action="/w/index.php" id="searchform" class="cdx-search-input cdx-search-input--has-end-button"> <div id="simpleSearch" class="cdx-search-input__input-wrapper" data-search-loc="header-moved"> <div class="cdx-text-input cdx-text-input--has-start-icon"> <input class="cdx-text-input__input" type="search" name="search" placeholder="Search Wikipedia" aria-label="Search Wikipedia" autocapitalize="sentences" title="Search Wikipedia [f]" accesskey="f" id="searchInput" > </div> <input type="hidden" name="title" value="Special:Search"> </div> <button class="cdx-button cdx-search-input__end-button">Search</button> </form> </div> </div> </div> <nav class="vector-user-links vector-user-links-wide" aria-label="Personal tools"> <div class="vector-user-links-main"> <div id="p-vector-user-menu-preferences" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-userpage" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-dropdown" class="vector-dropdown " title="Change the appearance of the page's font size, width, and color" > <input type="checkbox" id="vector-appearance-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-appearance-dropdown" class="vector-dropdown-checkbox " aria-label="Appearance" > <label id="vector-appearance-dropdown-label" for="vector-appearance-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Appearance </label> <div class="vector-dropdown-content"> <div id="vector-appearance-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <div id="p-vector-user-menu-notifications" class="vector-menu mw-portlet emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> <div id="p-vector-user-menu-overflow" class="vector-menu mw-portlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en" class="">Donate</a> </li> <li id="pt-createaccount-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:CreateAccount&returnto=Transport+Layer+Security" title="You are encouraged to create an account and log in; however, it is not mandatory" class="">Create account</a> </li> <li id="pt-login-2" class="user-links-collapsible-item mw-list-item user-links-collapsible-item"><a data-mw="interface" href="/w/index.php?title=Special:UserLogin&returnto=Transport+Layer+Security" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o" class="">Log in</a> </li> </ul> </div> </div> </div> <div id="vector-user-links-dropdown" class="vector-dropdown vector-user-menu vector-button-flush-right vector-user-menu-logged-out" title="Log in and more options" > <input type="checkbox" id="vector-user-links-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-user-links-dropdown" class="vector-dropdown-checkbox " aria-label="Personal tools" > <label id="vector-user-links-dropdown-label" for="vector-user-links-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Personal tools </label> <div class="vector-dropdown-content"> <div id="p-personal" class="vector-menu mw-portlet mw-portlet-personal user-links-collapsible-item" title="User menu" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-sitesupport" class="user-links-collapsible-item mw-list-item"><a href="https://donate.wikimedia.org/wiki/Special:FundraiserRedirector?utm_source=donate&utm_medium=sidebar&utm_campaign=C13_en.wikipedia.org&uselang=en">Donate</a></li><li id="pt-createaccount" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:CreateAccount&returnto=Transport+Layer+Security" title="You are encouraged to create an account and log in; however, it is not mandatory"> Create account</a></li><li id="pt-login" class="user-links-collapsible-item mw-list-item"><a href="/w/index.php?title=Special:UserLogin&returnto=Transport+Layer+Security" title="You're encouraged to log in; however, it's not mandatory. [o]" accesskey="o"> Log in</a></li> </ul> </div> </div> <div id="p-user-menu-anon-editor" class="vector-menu mw-portlet mw-portlet-user-menu-anon-editor" > <div class="vector-menu-heading"> Pages for logged out editors <a href="/wiki/Help:Introduction" aria-label="Learn more about editing">learn more</a> </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="pt-anoncontribs" class="mw-list-item"><a href="/wiki/Special:MyContributions" title="A list of edits made from this IP address [y]" accesskey="y">Contributions</a></li><li id="pt-anontalk" class="mw-list-item"><a href="/wiki/Special:MyTalk" title="Discussion about edits from this IP address [n]" accesskey="n">Talk</a></li> </ul> </div> </div> </div> </div> </nav> </div> </header> </div> <div class="mw-page-container"> <div class="mw-page-container-inner"> <div class="vector-sitenotice-container"> <div id="siteNotice"></div> </div> <div class="vector-column-start"> <div class="vector-main-menu-container"> <div id="mw-navigation"> <nav id="mw-panel" class="vector-main-menu-landmark" aria-label="Site"> <div id="vector-main-menu-pinned-container" class="vector-pinned-container"> </div> </nav> </div> </div> <div class="vector-sticky-pinned-container"> <nav id="mw-panel-toc" aria-label="Contents" data-event-name="ui.sidebar-toc" class="mw-table-of-contents-container vector-toc-landmark"> <div id="vector-toc-pinned-container" class="vector-pinned-container"> <div id="vector-toc" class="vector-toc vector-pinnable-element"> <div class="vector-pinnable-header vector-toc-pinnable-header vector-pinnable-header-pinned" data-feature-name="toc-pinned" data-pinnable-element-id="vector-toc" > <h2 class="vector-pinnable-header-label">Contents</h2> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-toc.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-toc.unpin">hide</button> </div> <ul class="vector-toc-contents" id="mw-panel-toc-list"> <li id="toc-mw-content-text" class="vector-toc-list-item vector-toc-level-1"> <a href="#" class="vector-toc-link"> <div class="vector-toc-text">(Top)</div> </a> </li> <li id="toc-Description" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Description"> <div class="vector-toc-text"> 1 Description </div> </a> <button aria-controls="toc-Description-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Description subsection </button> <ul id="toc-Description-sublist" class="vector-toc-list"> <li id="toc-Datagram_Transport_Layer_Security" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Datagram_Transport_Layer_Security"> <div class="vector-toc-text"> 1.1 Datagram Transport Layer Security </div> </a> <ul id="toc-Datagram_Transport_Layer_Security-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-History_and_development" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#History_and_development"> <div class="vector-toc-text"> 2 History and development </div> </a> <button aria-controls="toc-History_and_development-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle History and development subsection </button> <ul id="toc-History_and_development-sublist" class="vector-toc-list"> <li id="toc-Secure_Data_Network_System" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Secure_Data_Network_System"> <div class="vector-toc-text"> 2.1 Secure Data Network System </div> </a> <ul id="toc-Secure_Data_Network_System-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Secure_Network_Programming_(SNP)" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Secure_Network_Programming_(SNP)"> <div class="vector-toc-text"> 2.2 Secure Network Programming (SNP) </div> </a> <ul id="toc-Secure_Network_Programming_(SNP)-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-SSL_1.0,_2.0,_and_3.0" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#SSL_1.0,_2.0,_and_3.0"> <div class="vector-toc-text"> 2.3 SSL 1.0, 2.0, and 3.0 </div> </a> <ul id="toc-SSL_1.0,_2.0,_and_3.0-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-TLS_1.0" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#TLS_1.0"> <div class="vector-toc-text"> 2.4 TLS 1.0 </div> </a> <ul id="toc-TLS_1.0-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-TLS_1.1" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#TLS_1.1"> <div class="vector-toc-text"> 2.5 TLS 1.1 </div> </a> <ul id="toc-TLS_1.1-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-TLS_1.2" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#TLS_1.2"> <div class="vector-toc-text"> 2.6 TLS 1.2 </div> </a> <ul id="toc-TLS_1.2-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-TLS_1.3" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#TLS_1.3"> <div class="vector-toc-text"> 2.7 TLS 1.3 </div> </a> <ul id="toc-TLS_1.3-sublist" class="vector-toc-list"> <li id="toc-Enterprise_Transport_Security" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Enterprise_Transport_Security"> <div class="vector-toc-text"> 2.7.1 Enterprise Transport Security </div> </a> <ul id="toc-Enterprise_Transport_Security-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> </ul> </li> <li id="toc-Digital_certificates" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Digital_certificates"> <div class="vector-toc-text"> 3 Digital certificates </div> </a> <button aria-controls="toc-Digital_certificates-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Digital certificates subsection </button> <ul id="toc-Digital_certificates-sublist" class="vector-toc-list"> <li id="toc-Certificate_authorities" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Certificate_authorities"> <div class="vector-toc-text"> 3.1 Certificate authorities </div> </a> <ul id="toc-Certificate_authorities-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Importance_of_SSL_Certificates" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Importance_of_SSL_Certificates"> <div class="vector-toc-text"> 3.2 Importance of SSL Certificates </div> </a> <ul id="toc-Importance_of_SSL_Certificates-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Algorithms" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Algorithms"> <div class="vector-toc-text"> 4 Algorithms </div> </a> <button aria-controls="toc-Algorithms-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Algorithms subsection </button> <ul id="toc-Algorithms-sublist" class="vector-toc-list"> <li id="toc-Key_exchange_or_key_agreement" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Key_exchange_or_key_agreement"> <div class="vector-toc-text"> 4.1 Key exchange or key agreement </div> </a> <ul id="toc-Key_exchange_or_key_agreement-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Cipher" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Cipher"> <div class="vector-toc-text"> 4.2 Cipher </div> </a> <ul id="toc-Cipher-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Data_integrity" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Data_integrity"> <div class="vector-toc-text"> 4.3 Data integrity </div> </a> <ul id="toc-Data_integrity-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Applications_and_adoption" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Applications_and_adoption"> <div class="vector-toc-text"> 5 Applications and adoption </div> </a> <button aria-controls="toc-Applications_and_adoption-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Applications and adoption subsection </button> <ul id="toc-Applications_and_adoption-sublist" class="vector-toc-list"> <li id="toc-Websites" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Websites"> <div class="vector-toc-text"> 5.1 Websites </div> </a> <ul id="toc-Websites-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Web_browsers" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Web_browsers"> <div class="vector-toc-text"> 5.2 Web browsers </div> </a> <ul id="toc-Web_browsers-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Libraries" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Libraries"> <div class="vector-toc-text"> 5.3 Libraries </div> </a> <ul id="toc-Libraries-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Other_uses" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Other_uses"> <div class="vector-toc-text"> 5.4 Other uses </div> </a> <ul id="toc-Other_uses-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Security" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Security"> <div class="vector-toc-text"> 6 Security </div> </a> <button aria-controls="toc-Security-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Security subsection </button> <ul id="toc-Security-sublist" class="vector-toc-list"> <li id="toc-Attacks_against_TLS/SSL" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Attacks_against_TLS/SSL"> <div class="vector-toc-text"> 6.1 Attacks against TLS/SSL </div> </a> <ul id="toc-Attacks_against_TLS/SSL-sublist" class="vector-toc-list"> <li id="toc-Renegotiation_attack" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Renegotiation_attack"> <div class="vector-toc-text"> 6.1.1 Renegotiation attack </div> </a> <ul id="toc-Renegotiation_attack-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Downgrade_attacks:_FREAK_attack_and_Logjam_attack" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Downgrade_attacks:_FREAK_attack_and_Logjam_attack"> <div class="vector-toc-text"> 6.1.2 Downgrade attacks: FREAK attack and Logjam attack </div> </a> <ul id="toc-Downgrade_attacks:_FREAK_attack_and_Logjam_attack-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Cross-protocol_attacks:_DROWN" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Cross-protocol_attacks:_DROWN"> <div class="vector-toc-text"> 6.1.3 Cross-protocol attacks: DROWN </div> </a> <ul id="toc-Cross-protocol_attacks:_DROWN-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-BEAST_attack" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#BEAST_attack"> <div class="vector-toc-text"> 6.1.4 BEAST attack </div> </a> <ul id="toc-BEAST_attack-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-CRIME_and_BREACH_attacks" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#CRIME_and_BREACH_attacks"> <div class="vector-toc-text"> 6.1.5 CRIME and BREACH attacks </div> </a> <ul id="toc-CRIME_and_BREACH_attacks-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Timing_attacks_on_padding" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Timing_attacks_on_padding"> <div class="vector-toc-text"> 6.1.6 Timing attacks on padding </div> </a> <ul id="toc-Timing_attacks_on_padding-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-POODLE_attack" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#POODLE_attack"> <div class="vector-toc-text"> 6.1.7 POODLE attack </div> </a> <ul id="toc-POODLE_attack-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-RC4_attacks" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#RC4_attacks"> <div class="vector-toc-text"> 6.1.8 RC4 attacks </div> </a> <ul id="toc-RC4_attacks-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Truncation_attack" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Truncation_attack"> <div class="vector-toc-text"> 6.1.9 Truncation attack </div> </a> <ul id="toc-Truncation_attack-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Plaintext_attack_against_DTLS" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Plaintext_attack_against_DTLS"> <div class="vector-toc-text"> 6.1.10 Plaintext attack against DTLS </div> </a> <ul id="toc-Plaintext_attack_against_DTLS-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Unholy_PAC_attack" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Unholy_PAC_attack"> <div class="vector-toc-text"> 6.1.11 Unholy PAC attack </div> </a> <ul id="toc-Unholy_PAC_attack-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Sweet32_attack" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Sweet32_attack"> <div class="vector-toc-text"> 6.1.12 Sweet32 attack </div> </a> <ul id="toc-Sweet32_attack-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Implementation_errors:_Heartbleed_bug,_BERserk_attack,_Cloudflare_bug" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Implementation_errors:_Heartbleed_bug,_BERserk_attack,_Cloudflare_bug"> <div class="vector-toc-text"> 6.1.13 Implementation errors: Heartbleed bug, BERserk attack, Cloudflare bug </div> </a> <ul id="toc-Implementation_errors:_Heartbleed_bug,_BERserk_attack,_Cloudflare_bug-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Survey_of_websites_vulnerable_to_attacks" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Survey_of_websites_vulnerable_to_attacks"> <div class="vector-toc-text"> 6.1.14 Survey of websites vulnerable to attacks </div> </a> <ul id="toc-Survey_of_websites_vulnerable_to_attacks-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Forward_secrecy" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Forward_secrecy"> <div class="vector-toc-text"> 6.2 Forward secrecy </div> </a> <ul id="toc-Forward_secrecy-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-TLS_interception" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#TLS_interception"> <div class="vector-toc-text"> 6.3 TLS interception </div> </a> <ul id="toc-TLS_interception-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-Protocol_details" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Protocol_details"> <div class="vector-toc-text"> 7 Protocol details </div> </a> <button aria-controls="toc-Protocol_details-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Protocol details subsection </button> <ul id="toc-Protocol_details-sublist" class="vector-toc-list"> <li id="toc-TLS_handshake" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#TLS_handshake"> <div class="vector-toc-text"> 7.1 TLS handshake </div> </a> <ul id="toc-TLS_handshake-sublist" class="vector-toc-list"> <li id="toc-Basic_TLS_handshake" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Basic_TLS_handshake"> <div class="vector-toc-text"> 7.1.1 Basic TLS handshake </div> </a> <ul id="toc-Basic_TLS_handshake-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Client-authenticated_TLS_handshake" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Client-authenticated_TLS_handshake"> <div class="vector-toc-text"> 7.1.2 Client-authenticated TLS handshake </div> </a> <ul id="toc-Client-authenticated_TLS_handshake-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Resumed_TLS_handshake" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Resumed_TLS_handshake"> <div class="vector-toc-text"> 7.1.3 Resumed TLS handshake </div> </a> <ul id="toc-Resumed_TLS_handshake-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-TLS_1.3_handshake" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#TLS_1.3_handshake"> <div class="vector-toc-text"> 7.1.4 TLS 1.3 handshake </div> </a> <ul id="toc-TLS_1.3_handshake-sublist" class="vector-toc-list"> <li id="toc-Session_IDs" class="vector-toc-list-item vector-toc-level-4"> <a class="vector-toc-link" href="#Session_IDs"> <div class="vector-toc-text"> 7.1.4.1 Session IDs </div> </a> <ul id="toc-Session_IDs-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Session_tickets" class="vector-toc-list-item vector-toc-level-4"> <a class="vector-toc-link" href="#Session_tickets"> <div class="vector-toc-text"> 7.1.4.2 Session tickets </div> </a> <ul id="toc-Session_tickets-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> </ul> </li> <li id="toc-TLS_record" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#TLS_record"> <div class="vector-toc-text"> 7.2 TLS record </div> </a> <ul id="toc-TLS_record-sublist" class="vector-toc-list"> <li id="toc-Handshake_protocol" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Handshake_protocol"> <div class="vector-toc-text"> 7.2.1 Handshake protocol </div> </a> <ul id="toc-Handshake_protocol-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Alert_protocol" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Alert_protocol"> <div class="vector-toc-text"> 7.2.2 Alert protocol </div> </a> <ul id="toc-Alert_protocol-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-ChangeCipherSpec_protocol" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#ChangeCipherSpec_protocol"> <div class="vector-toc-text"> 7.2.3 ChangeCipherSpec protocol </div> </a> <ul id="toc-ChangeCipherSpec_protocol-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Application_protocol" class="vector-toc-list-item vector-toc-level-3"> <a class="vector-toc-link" href="#Application_protocol"> <div class="vector-toc-text"> 7.2.4 Application protocol </div> </a> <ul id="toc-Application_protocol-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> </ul> </li> <li id="toc-Support_for_name-based_virtual_servers" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Support_for_name-based_virtual_servers"> <div class="vector-toc-text"> 8 Support for name-based virtual servers </div> </a> <ul id="toc-Support_for_name-based_virtual_servers-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-See_also" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#See_also"> <div class="vector-toc-text"> 9 See also </div> </a> <ul id="toc-See_also-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-References" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#References"> <div class="vector-toc-text"> 10 References </div> </a> <ul id="toc-References-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Further_reading" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#Further_reading"> <div class="vector-toc-text"> 11 Further reading </div> </a> <button aria-controls="toc-Further_reading-sublist" class="cdx-button cdx-button--weight-quiet cdx-button--icon-only vector-toc-toggle"> Toggle Further reading subsection </button> <ul id="toc-Further_reading-sublist" class="vector-toc-list"> <li id="toc-Primary_standards" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Primary_standards"> <div class="vector-toc-text"> 11.1 Primary standards </div> </a> <ul id="toc-Primary_standards-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Extensions" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Extensions"> <div class="vector-toc-text"> 11.2 Extensions </div> </a> <ul id="toc-Extensions-sublist" class="vector-toc-list"> </ul> </li> <li id="toc-Informational_RFCs" class="vector-toc-list-item vector-toc-level-2"> <a class="vector-toc-link" href="#Informational_RFCs"> <div class="vector-toc-text"> 11.3 Informational RFCs </div> </a> <ul id="toc-Informational_RFCs-sublist" class="vector-toc-list"> </ul> </li> </ul> </li> <li id="toc-External_links" class="vector-toc-list-item vector-toc-level-1"> <a class="vector-toc-link" href="#External_links"> <div class="vector-toc-text"> 12 External links </div> </a> <ul id="toc-External_links-sublist" class="vector-toc-list"> </ul> </li> </ul> </div> </div> </nav> </div> </div> <div class="mw-content-container"> <main id="content" class="mw-body"> <header class="mw-body-header vector-page-titlebar"> <nav aria-label="Contents" class="vector-toc-landmark"> <div id="vector-page-titlebar-toc" class="vector-dropdown vector-page-titlebar-toc vector-button-flush-left" > <input type="checkbox" id="vector-page-titlebar-toc-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-titlebar-toc" class="vector-dropdown-checkbox " aria-label="Toggle the table of contents" > <label id="vector-page-titlebar-toc-label" for="vector-page-titlebar-toc-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--icon-only " aria-hidden="true" > Toggle the table of contents </label> <div class="vector-dropdown-content"> <div id="vector-page-titlebar-toc-unpinned-container" class="vector-unpinned-container"> </div> </div> </div> </nav> <h1 id="firstHeading" class="firstHeading mw-first-heading">Transport Layer Security</h1> <div id="p-lang-btn" class="vector-dropdown mw-portlet mw-portlet-lang" > <input type="checkbox" id="p-lang-btn-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-p-lang-btn" class="vector-dropdown-checkbox mw-interlanguage-selector" aria-label="Go to an article in another language. Available in 49 languages" > <label id="p-lang-btn-label" for="p-lang-btn-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet cdx-button--action-progressive mw-portlet-lang-heading-49" aria-hidden="true" > 49 languages </label> <div class="vector-dropdown-content"> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="interlanguage-link interwiki-ar mw-list-item"><a href="https://ar.wikipedia.org/wiki/%D8%A8%D8%B1%D9%88%D8%AA%D9%88%D9%83%D9%88%D9%84_%D8%B7%D8%A8%D9%82%D8%A9_%D8%A7%D9%84%D9%85%D9%82%D8%A7%D8%A8%D8%B3_%D8%A7%D9%84%D8%A2%D9%85%D9%86%D8%A9" title="بروتوكول طبقة المقابس الآمنة – Arabic" lang="ar" hreflang="ar" data-title="بروتوكول طبقة المقابس الآمنة" data-language-autonym="العربية" data-language-local-name="Arabic" class="interlanguage-link-target">العربية</a></li><li class="interlanguage-link interwiki-bg mw-list-item"><a href="https://bg.wikipedia.org/wiki/TLS" title="TLS – Bulgarian" lang="bg" hreflang="bg" data-title="TLS" data-language-autonym="Български" data-language-local-name="Bulgarian" class="interlanguage-link-target">Български</a></li><li class="interlanguage-link interwiki-bs mw-list-item"><a href="https://bs.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Bosnian" lang="bs" hreflang="bs" data-title="Transport Layer Security" data-language-autonym="Bosanski" data-language-local-name="Bosnian" class="interlanguage-link-target">Bosanski</a></li><li class="interlanguage-link interwiki-ca mw-list-item"><a href="https://ca.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Catalan" lang="ca" hreflang="ca" data-title="Transport Layer Security" data-language-autonym="Català" data-language-local-name="Catalan" class="interlanguage-link-target">Català</a></li><li class="interlanguage-link interwiki-cs mw-list-item"><a href="https://cs.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Czech" lang="cs" hreflang="cs" data-title="Transport Layer Security" data-language-autonym="Čeština" data-language-local-name="Czech" class="interlanguage-link-target">Čeština</a></li><li class="interlanguage-link interwiki-da mw-list-item"><a href="https://da.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Danish" lang="da" hreflang="da" data-title="Transport Layer Security" data-language-autonym="Dansk" data-language-local-name="Danish" class="interlanguage-link-target">Dansk</a></li><li class="interlanguage-link interwiki-de mw-list-item"><a href="https://de.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – German" lang="de" hreflang="de" data-title="Transport Layer Security" data-language-autonym="Deutsch" data-language-local-name="German" class="interlanguage-link-target">Deutsch</a></li><li class="interlanguage-link interwiki-et mw-list-item"><a href="https://et.wikipedia.org/wiki/Transpordikihi_turbeprotokoll" title="Transpordikihi turbeprotokoll – Estonian" lang="et" hreflang="et" data-title="Transpordikihi turbeprotokoll" data-language-autonym="Eesti" data-language-local-name="Estonian" class="interlanguage-link-target">Eesti</a></li><li class="interlanguage-link interwiki-el mw-list-item"><a href="https://el.wikipedia.org/wiki/TLS" title="TLS – Greek" lang="el" hreflang="el" data-title="TLS" data-language-autonym="Ελληνικά" data-language-local-name="Greek" class="interlanguage-link-target">Ελληνικά</a></li><li class="interlanguage-link interwiki-es mw-list-item"><a href="https://es.wikipedia.org/wiki/Seguridad_de_la_capa_de_transporte" title="Seguridad de la capa de transporte – Spanish" lang="es" hreflang="es" data-title="Seguridad de la capa de transporte" data-language-autonym="Español" data-language-local-name="Spanish" class="interlanguage-link-target">Español</a></li><li class="interlanguage-link interwiki-eo mw-list-item"><a href="https://eo.wikipedia.org/wiki/TLS_(reto)" title="TLS (reto) – Esperanto" lang="eo" hreflang="eo" data-title="TLS (reto)" data-language-autonym="Esperanto" data-language-local-name="Esperanto" class="interlanguage-link-target">Esperanto</a></li><li class="interlanguage-link interwiki-eu mw-list-item"><a href="https://eu.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Basque" lang="eu" hreflang="eu" data-title="Transport Layer Security" data-language-autonym="Euskara" data-language-local-name="Basque" class="interlanguage-link-target">Euskara</a></li><li class="interlanguage-link interwiki-fa mw-list-item"><a href="https://fa.wikipedia.org/wiki/%D8%A7%D9%85%D9%86%DB%8C%D8%AA_%D9%84%D8%A7%DB%8C%D9%87_%D8%A7%D9%86%D8%AA%D9%82%D8%A7%D9%84" title="امنیت لایه انتقال – Persian" lang="fa" hreflang="fa" data-title="امنیت لایه انتقال" data-language-autonym="فارسی" data-language-local-name="Persian" class="interlanguage-link-target">فارسی</a></li><li class="interlanguage-link interwiki-fr mw-list-item"><a href="https://fr.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – French" lang="fr" hreflang="fr" data-title="Transport Layer Security" data-language-autonym="Français" data-language-local-name="French" class="interlanguage-link-target">Français</a></li><li class="interlanguage-link interwiki-ko mw-list-item"><a href="https://ko.wikipedia.org/wiki/%EC%A0%84%EC%86%A1_%EA%B3%84%EC%B8%B5_%EB%B3%B4%EC%95%88" title="전송 계층 보안 – Korean" lang="ko" hreflang="ko" data-title="전송 계층 보안" data-language-autonym="한국어" data-language-local-name="Korean" class="interlanguage-link-target">한국어</a></li><li class="interlanguage-link interwiki-hr mw-list-item"><a href="https://hr.wikipedia.org/wiki/TLS" title="TLS – Croatian" lang="hr" hreflang="hr" data-title="TLS" data-language-autonym="Hrvatski" data-language-local-name="Croatian" class="interlanguage-link-target">Hrvatski</a></li><li class="interlanguage-link interwiki-id mw-list-item"><a href="https://id.wikipedia.org/wiki/Keamanan_Lapisan_Transportasi" title="Keamanan Lapisan Transportasi – Indonesian" lang="id" hreflang="id" data-title="Keamanan Lapisan Transportasi" data-language-autonym="Bahasa Indonesia" data-language-local-name="Indonesian" class="interlanguage-link-target">Bahasa Indonesia</a></li><li class="interlanguage-link interwiki-it mw-list-item"><a href="https://it.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Italian" lang="it" hreflang="it" data-title="Transport Layer Security" data-language-autonym="Italiano" data-language-local-name="Italian" class="interlanguage-link-target">Italiano</a></li><li class="interlanguage-link interwiki-he mw-list-item"><a href="https://he.wikipedia.org/wiki/TLS_(%D7%A4%D7%A8%D7%95%D7%98%D7%95%D7%A7%D7%95%D7%9C)" title="TLS (פרוטוקול) – Hebrew" lang="he" hreflang="he" data-title="TLS (פרוטוקול)" data-language-autonym="עברית" data-language-local-name="Hebrew" class="interlanguage-link-target">עברית</a></li><li class="interlanguage-link interwiki-lv mw-list-item"><a href="https://lv.wikipedia.org/wiki/Transporta_sl%C4%81%C5%86a_dro%C5%A1%C4%ABba" title="Transporta slāņa drošība – Latvian" lang="lv" hreflang="lv" data-title="Transporta slāņa drošība" data-language-autonym="Latviešu" data-language-local-name="Latvian" class="interlanguage-link-target">Latviešu</a></li><li class="interlanguage-link interwiki-lt mw-list-item"><a href="https://lt.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Lithuanian" lang="lt" hreflang="lt" data-title="Transport Layer Security" data-language-autonym="Lietuvių" data-language-local-name="Lithuanian" class="interlanguage-link-target">Lietuvių</a></li><li class="interlanguage-link interwiki-lmo mw-list-item"><a href="https://lmo.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Lombard" lang="lmo" hreflang="lmo" data-title="Transport Layer Security" data-language-autonym="Lombard" data-language-local-name="Lombard" class="interlanguage-link-target">Lombard</a></li><li class="interlanguage-link interwiki-hu mw-list-item"><a href="https://hu.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Hungarian" lang="hu" hreflang="hu" data-title="Transport Layer Security" data-language-autonym="Magyar" data-language-local-name="Hungarian" class="interlanguage-link-target">Magyar</a></li><li class="interlanguage-link interwiki-ml mw-list-item"><a href="https://ml.wikipedia.org/wiki/%E0%B4%9F%E0%B5%8D%E0%B4%B0%E0%B4%BE%E0%B5%BB%E0%B4%B8%E0%B5%8D%E0%B4%AA%E0%B5%8B%E0%B5%BC%E0%B4%9F%E0%B5%8D%E0%B4%9F%E0%B5%8D_%E0%B4%B2%E0%B5%86%E0%B4%AF%E0%B5%BC_%E0%B4%B8%E0%B5%86%E0%B4%95%E0%B5%8D%E0%B4%AF%E0%B5%82%E0%B4%B0%E0%B4%BF%E0%B4%B1%E0%B5%8D%E0%B4%B1%E0%B4%BF" title="ട്രാൻസ്പോർട്ട് ലെയർ സെക്യൂരിറ്റി – Malayalam" lang="ml" hreflang="ml" data-title="ട്രാൻസ്പോർട്ട് ലെയർ സെക്യൂരിറ്റി" data-language-autonym="മലയാളം" data-language-local-name="Malayalam" class="interlanguage-link-target">മലയാളം</a></li><li class="interlanguage-link interwiki-nl mw-list-item"><a href="https://nl.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Dutch" lang="nl" hreflang="nl" data-title="Transport Layer Security" data-language-autonym="Nederlands" data-language-local-name="Dutch" class="interlanguage-link-target">Nederlands</a></li><li class="interlanguage-link interwiki-ja mw-list-item"><a href="https://ja.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Japanese" lang="ja" hreflang="ja" data-title="Transport Layer Security" data-language-autonym="日本語" data-language-local-name="Japanese" class="interlanguage-link-target">日本語</a></li><li class="interlanguage-link interwiki-no mw-list-item"><a href="https://no.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Norwegian Bokmål" lang="nb" hreflang="nb" data-title="Transport Layer Security" data-language-autonym="Norsk bokmål" data-language-local-name="Norwegian Bokmål" class="interlanguage-link-target">Norsk bokmål</a></li><li class="interlanguage-link interwiki-nn mw-list-item"><a href="https://nn.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Norwegian Nynorsk" lang="nn" hreflang="nn" data-title="Transport Layer Security" data-language-autonym="Norsk nynorsk" data-language-local-name="Norwegian Nynorsk" class="interlanguage-link-target">Norsk nynorsk</a></li><li class="interlanguage-link interwiki-uz mw-list-item"><a href="https://uz.wikipedia.org/wiki/TLS" title="TLS – Uzbek" lang="uz" hreflang="uz" data-title="TLS" data-language-autonym="Oʻzbekcha / ўзбекча" data-language-local-name="Uzbek" class="interlanguage-link-target">Oʻzbekcha / ўзбекча</a></li><li class="interlanguage-link interwiki-pms mw-list-item"><a href="https://pms.wikipedia.org/wiki/SSL" title="SSL – Piedmontese" lang="pms" hreflang="pms" data-title="SSL" data-language-autonym="Piemontèis" data-language-local-name="Piedmontese" class="interlanguage-link-target">Piemontèis</a></li><li class="interlanguage-link interwiki-pl mw-list-item"><a href="https://pl.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Polish" lang="pl" hreflang="pl" data-title="Transport Layer Security" data-language-autonym="Polski" data-language-local-name="Polish" class="interlanguage-link-target">Polski</a></li><li class="interlanguage-link interwiki-pt mw-list-item"><a href="https://pt.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Portuguese" lang="pt" hreflang="pt" data-title="Transport Layer Security" data-language-autonym="Português" data-language-local-name="Portuguese" class="interlanguage-link-target">Português</a></li><li class="interlanguage-link interwiki-ro mw-list-item"><a href="https://ro.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Romanian" lang="ro" hreflang="ro" data-title="Transport Layer Security" data-language-autonym="Română" data-language-local-name="Romanian" class="interlanguage-link-target">Română</a></li><li class="interlanguage-link interwiki-ru mw-list-item"><a href="https://ru.wikipedia.org/wiki/TLS" title="TLS – Russian" lang="ru" hreflang="ru" data-title="TLS" data-language-autonym="Русский" data-language-local-name="Russian" class="interlanguage-link-target">Русский</a></li><li class="interlanguage-link interwiki-sco mw-list-item"><a href="https://sco.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Scots" lang="sco" hreflang="sco" data-title="Transport Layer Security" data-language-autonym="Scots" data-language-local-name="Scots" class="interlanguage-link-target">Scots</a></li><li class="interlanguage-link interwiki-sq mw-list-item"><a href="https://sq.wikipedia.org/wiki/Siguria_e_Shtres%C3%ABs_s%C3%AB_Transportit" title="Siguria e Shtresës së Transportit – Albanian" lang="sq" hreflang="sq" data-title="Siguria e Shtresës së Transportit" data-language-autonym="Shqip" data-language-local-name="Albanian" class="interlanguage-link-target">Shqip</a></li><li class="interlanguage-link interwiki-simple mw-list-item"><a href="https://simple.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Simple English" lang="en-simple" hreflang="en-simple" data-title="Transport Layer Security" data-language-autonym="Simple English" data-language-local-name="Simple English" class="interlanguage-link-target">Simple English</a></li><li class="interlanguage-link interwiki-sk mw-list-item"><a href="https://sk.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Slovak" lang="sk" hreflang="sk" data-title="Transport Layer Security" data-language-autonym="Slovenčina" data-language-local-name="Slovak" class="interlanguage-link-target">Slovenčina</a></li><li class="interlanguage-link interwiki-ckb mw-list-item"><a href="https://ckb.wikipedia.org/wiki/%DA%86%DB%8C%D9%86%DB%8C_%D9%BE%DB%8E%DA%A9%DB%95%D9%88%DB%95%D8%A8%DB%95%D8%B3%D8%AA%DB%8C_%D9%BE%D8%A7%D8%B1%DB%8E%D8%B2%D8%B1%D8%A7%D9%88" title="چینی پێکەوەبەستی پارێزراو – Central Kurdish" lang="ckb" hreflang="ckb" data-title="چینی پێکەوەبەستی پارێزراو" data-language-autonym="کوردی" data-language-local-name="Central Kurdish" class="interlanguage-link-target">کوردی</a></li><li class="interlanguage-link interwiki-fi mw-list-item"><a href="https://fi.wikipedia.org/wiki/TLS" title="TLS – Finnish" lang="fi" hreflang="fi" data-title="TLS" data-language-autonym="Suomi" data-language-local-name="Finnish" class="interlanguage-link-target">Suomi</a></li><li class="interlanguage-link interwiki-sv mw-list-item"><a href="https://sv.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Swedish" lang="sv" hreflang="sv" data-title="Transport Layer Security" data-language-autonym="Svenska" data-language-local-name="Swedish" class="interlanguage-link-target">Svenska</a></li><li class="interlanguage-link interwiki-th mw-list-item"><a href="https://th.wikipedia.org/wiki/%E0%B8%97%E0%B8%B5%E0%B9%81%E0%B8%AD%E0%B8%A5%E0%B9%80%E0%B8%AD%E0%B8%AA" title="ทีแอลเอส – Thai" lang="th" hreflang="th" data-title="ทีแอลเอส" data-language-autonym="ไทย" data-language-local-name="Thai" class="interlanguage-link-target">ไทย</a></li><li class="interlanguage-link interwiki-tr mw-list-item"><a href="https://tr.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Turkish" lang="tr" hreflang="tr" data-title="Transport Layer Security" data-language-autonym="Türkçe" data-language-local-name="Turkish" class="interlanguage-link-target">Türkçe</a></li><li class="interlanguage-link interwiki-uk mw-list-item"><a href="https://uk.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Ukrainian" lang="uk" hreflang="uk" data-title="Transport Layer Security" data-language-autonym="Українська" data-language-local-name="Ukrainian" class="interlanguage-link-target">Українська</a></li><li class="interlanguage-link interwiki-vi mw-list-item"><a href="https://vi.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Vietnamese" lang="vi" hreflang="vi" data-title="Transport Layer Security" data-language-autonym="Tiếng Việt" data-language-local-name="Vietnamese" class="interlanguage-link-target">Tiếng Việt</a></li><li class="interlanguage-link interwiki-wuu mw-list-item"><a href="https://wuu.wikipedia.org/wiki/%E4%BC%A0%E8%BE%93%E5%B1%82%E5%AE%89%E5%85%A8%E6%80%A7%E5%8D%8F%E8%AE%AE" title="传输层安全性协议 – Wu" lang="wuu" hreflang="wuu" data-title="传输层安全性协议" data-language-autonym="吴语" data-language-local-name="Wu" class="interlanguage-link-target">吴语</a></li><li class="interlanguage-link interwiki-yo mw-list-item"><a href="https://yo.wikipedia.org/wiki/Transport_Layer_Security" title="Transport Layer Security – Yoruba" lang="yo" hreflang="yo" data-title="Transport Layer Security" data-language-autonym="Yorùbá" data-language-local-name="Yoruba" class="interlanguage-link-target">Yorùbá</a></li><li class="interlanguage-link interwiki-zh-yue mw-list-item"><a href="https://zh-yue.wikipedia.org/wiki/TLS" title="TLS – Cantonese" lang="yue" hreflang="yue" data-title="TLS" data-language-autonym="粵語" data-language-local-name="Cantonese" class="interlanguage-link-target">粵語</a></li><li class="interlanguage-link interwiki-zh mw-list-item"><a href="https://zh.wikipedia.org/wiki/%E5%82%B3%E8%BC%B8%E5%B1%A4%E5%AE%89%E5%85%A8%E6%80%A7%E5%8D%94%E5%AE%9A" title="傳輸層安全性協定 – Chinese" lang="zh" hreflang="zh" data-title="傳輸層安全性協定" data-language-autonym="中文" data-language-local-name="Chinese" class="interlanguage-link-target">中文</a></li> </ul> <div class="after-portlet after-portlet-lang"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q206494#sitelinks-wikipedia" title="Edit interlanguage links" class="wbc-editpage">Edit links</a></div> </div> </div> </div> </header> <div class="vector-page-toolbar"> <div class="vector-page-toolbar-container"> <div id="left-navigation"> <nav aria-label="Namespaces"> <div id="p-associated-pages" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-associated-pages" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-nstab-main" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Transport_Layer_Security" title="View the content page [c]" accesskey="c">Article</a></li><li id="ca-talk" class="vector-tab-noicon mw-list-item"><a href="/wiki/Talk:Transport_Layer_Security" rel="discussion" title="Discuss improvements to the content page [t]" accesskey="t">Talk</a></li> </ul> </div> </div> <div id="vector-variants-dropdown" class="vector-dropdown emptyPortlet" > <input type="checkbox" id="vector-variants-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-variants-dropdown" class="vector-dropdown-checkbox " aria-label="Change language variant" > <label id="vector-variants-dropdown-label" for="vector-variants-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" >English </label> <div class="vector-dropdown-content"> <div id="p-variants" class="vector-menu mw-portlet mw-portlet-variants emptyPortlet" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> </ul> </div> </div> </div> </div> </nav> </div> <div id="right-navigation" class="vector-collapsible"> <nav aria-label="Views"> <div id="p-views" class="vector-menu vector-menu-tabs mw-portlet mw-portlet-views" > <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-view" class="selected vector-tab-noicon mw-list-item"><a href="/wiki/Transport_Layer_Security">Read</a></li><li id="ca-edit" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Transport_Layer_Security&action=edit" title="Edit this page [e]" accesskey="e">Edit</a></li><li id="ca-history" class="vector-tab-noicon mw-list-item"><a href="/w/index.php?title=Transport_Layer_Security&action=history" title="Past revisions of this page [h]" accesskey="h">View history</a></li> </ul> </div> </div> </nav> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-dropdown" class="vector-dropdown vector-page-tools-dropdown" > <input type="checkbox" id="vector-page-tools-dropdown-checkbox" role="button" aria-haspopup="true" data-event-name="ui.dropdown-vector-page-tools-dropdown" class="vector-dropdown-checkbox " aria-label="Tools" > <label id="vector-page-tools-dropdown-label" for="vector-page-tools-dropdown-checkbox" class="vector-dropdown-label cdx-button cdx-button--fake-button cdx-button--fake-button--enabled cdx-button--weight-quiet" aria-hidden="true" >Tools </label> <div class="vector-dropdown-content"> <div id="vector-page-tools-unpinned-container" class="vector-unpinned-container"> <div id="vector-page-tools" class="vector-page-tools vector-pinnable-element"> <div class="vector-pinnable-header vector-page-tools-pinnable-header vector-pinnable-header-unpinned" data-feature-name="page-tools-pinned" data-pinnable-element-id="vector-page-tools" data-pinned-container-id="vector-page-tools-pinned-container" data-unpinned-container-id="vector-page-tools-unpinned-container" > <div class="vector-pinnable-header-label">Tools</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-page-tools.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-page-tools.unpin">hide</button> </div> <div id="p-cactions" class="vector-menu mw-portlet mw-portlet-cactions emptyPortlet vector-has-collapsible-items" title="More options" > <div class="vector-menu-heading"> Actions </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="ca-more-view" class="selected vector-more-collapsible-item mw-list-item"><a href="/wiki/Transport_Layer_Security">Read</a></li><li id="ca-more-edit" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Transport_Layer_Security&action=edit" title="Edit this page [e]" accesskey="e">Edit</a></li><li id="ca-more-history" class="vector-more-collapsible-item mw-list-item"><a href="/w/index.php?title=Transport_Layer_Security&action=history">View history</a></li> </ul> </div> </div> <div id="p-tb" class="vector-menu mw-portlet mw-portlet-tb" > <div class="vector-menu-heading"> General </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="t-whatlinkshere" class="mw-list-item"><a href="/wiki/Special:WhatLinksHere/Transport_Layer_Security" title="List of all English Wikipedia pages containing links to this page [j]" accesskey="j">What links here</a></li><li id="t-recentchangeslinked" class="mw-list-item"><a href="/wiki/Special:RecentChangesLinked/Transport_Layer_Security" rel="nofollow" title="Recent changes in pages linked from this page [k]" accesskey="k">Related changes</a></li><li id="t-upload" class="mw-list-item"><a href="/wiki/Wikipedia:File_Upload_Wizard" title="Upload files [u]" accesskey="u">Upload file</a></li><li id="t-specialpages" class="mw-list-item"><a href="/wiki/Special:SpecialPages" title="A list of all special pages [q]" accesskey="q">Special pages</a></li><li id="t-permalink" class="mw-list-item"><a href="/w/index.php?title=Transport_Layer_Security&oldid=1257548947" title="Permanent link to this revision of this page">Permanent link</a></li><li id="t-info" class="mw-list-item"><a href="/w/index.php?title=Transport_Layer_Security&action=info" title="More information about this page">Page information</a></li><li id="t-cite" class="mw-list-item"><a href="/w/index.php?title=Special:CiteThisPage&page=Transport_Layer_Security&id=1257548947&wpFormIdentifier=titleform" title="Information on how to cite this page">Cite this page</a></li><li id="t-urlshortener" class="mw-list-item"><a href="/w/index.php?title=Special:UrlShortener&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FTransport_Layer_Security">Get shortened URL</a></li><li id="t-urlshortener-qrcode" class="mw-list-item"><a href="/w/index.php?title=Special:QrCode&url=https%3A%2F%2Fen.wikipedia.org%2Fwiki%2FTransport_Layer_Security">Download QR code</a></li> </ul> </div> </div> <div id="p-coll-print_export" class="vector-menu mw-portlet mw-portlet-coll-print_export" > <div class="vector-menu-heading"> Print/export </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li id="coll-download-as-rl" class="mw-list-item"><a href="/w/index.php?title=Special:DownloadAsPdf&page=Transport_Layer_Security&action=show-download-screen" title="Download this page as a PDF file">Download as PDF</a></li><li id="t-print" class="mw-list-item"><a href="/w/index.php?title=Transport_Layer_Security&printable=yes" title="Printable version of this page [p]" accesskey="p">Printable version</a></li> </ul> </div> </div> <div id="p-wikibase-otherprojects" class="vector-menu mw-portlet mw-portlet-wikibase-otherprojects" > <div class="vector-menu-heading"> In other projects </div> <div class="vector-menu-content"> <ul class="vector-menu-content-list"> <li class="wb-otherproject-link wb-otherproject-commons mw-list-item"><a href="https://commons.wikimedia.org/wiki/Category:TLS_1.2_handshake" hreflang="en">Wikimedia Commons</a></li><li id="t-wikibase" class="wb-otherproject-link wb-otherproject-wikibase-dataitem mw-list-item"><a href="https://www.wikidata.org/wiki/Special:EntityPage/Q206494" title="Structured data on this page hosted by Wikidata [g]" accesskey="g">Wikidata item</a></li> </ul> </div> </div> </div> </div> </div> </div> </nav> </div> </div> </div> <div class="vector-column-end"> <div class="vector-sticky-pinned-container"> <nav class="vector-page-tools-landmark" aria-label="Page tools"> <div id="vector-page-tools-pinned-container" class="vector-pinned-container"> </div> </nav> <nav class="vector-appearance-landmark" aria-label="Appearance"> <div id="vector-appearance-pinned-container" class="vector-pinned-container"> <div id="vector-appearance" class="vector-appearance vector-pinnable-element"> <div class="vector-pinnable-header vector-appearance-pinnable-header vector-pinnable-header-pinned" data-feature-name="appearance-pinned" data-pinnable-element-id="vector-appearance" data-pinned-container-id="vector-appearance-pinned-container" data-unpinned-container-id="vector-appearance-unpinned-container" > <div class="vector-pinnable-header-label">Appearance</div> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-pin-button" data-event-name="pinnable-header.vector-appearance.pin">move to sidebar</button> <button class="vector-pinnable-header-toggle-button vector-pinnable-header-unpin-button" data-event-name="pinnable-header.vector-appearance.unpin">hide</button> </div> </div> </div> </nav> </div> </div> <div id="bodyContent" class="vector-body" aria-labelledby="firstHeading" data-mw-ve-target-container> <div class="vector-body-before-content"> <div class="mw-indicators"> </div> <div id="siteSub" class="noprint">From Wikipedia, the free encyclopedia</div> </div> <div id="contentSub"><div id="mw-content-subtitle"></div></div> <div id="mw-content-text" class="mw-body-content"><div class="mw-content-ltr mw-parser-output" lang="en" dir="ltr"><div class="shortdescription nomobile noexcerpt noprint searchaux" style="display:none">Cryptographic protocols for securing data in transit</div> <style data-mw-deduplicate="TemplateStyles:r1129693374">.mw-parser-output .hlist dl,.mw-parser-output .hlist ol,.mw-parser-output .hlist ul{margin:0;padding:0}.mw-parser-output .hlist dd,.mw-parser-output .hlist dt,.mw-parser-output .hlist li{margin:0;display:inline}.mw-parser-output .hlist.inline,.mw-parser-output .hlist.inline dl,.mw-parser-output .hlist.inline ol,.mw-parser-output .hlist.inline ul,.mw-parser-output .hlist dl dl,.mw-parser-output .hlist dl ol,.mw-parser-output .hlist dl ul,.mw-parser-output .hlist ol dl,.mw-parser-output .hlist ol ol,.mw-parser-output .hlist ol ul,.mw-parser-output .hlist ul dl,.mw-parser-output .hlist ul ol,.mw-parser-output .hlist ul ul{display:inline}.mw-parser-output .hlist .mw-empty-li{display:none}.mw-parser-output .hlist dt::after{content:": "}.mw-parser-output .hlist dd::after,.mw-parser-output .hlist li::after{content:" · ";font-weight:bold}.mw-parser-output .hlist dd:last-child::after,.mw-parser-output .hlist dt:last-child::after,.mw-parser-output .hlist li:last-child::after{content:none}.mw-parser-output .hlist dd dd:first-child::before,.mw-parser-output .hlist dd dt:first-child::before,.mw-parser-output .hlist dd li:first-child::before,.mw-parser-output .hlist dt dd:first-child::before,.mw-parser-output .hlist dt dt:first-child::before,.mw-parser-output .hlist dt li:first-child::before,.mw-parser-output .hlist li dd:first-child::before,.mw-parser-output .hlist li dt:first-child::before,.mw-parser-output .hlist li li:first-child::before{content:" (";font-weight:normal}.mw-parser-output .hlist dd dd:last-child::after,.mw-parser-output .hlist dd dt:last-child::after,.mw-parser-output .hlist dd li:last-child::after,.mw-parser-output .hlist dt dd:last-child::after,.mw-parser-output .hlist dt dt:last-child::after,.mw-parser-output .hlist dt li:last-child::after,.mw-parser-output .hlist li dd:last-child::after,.mw-parser-output .hlist li dt:last-child::after,.mw-parser-output .hlist li li:last-child::after{content:")";font-weight:normal}.mw-parser-output .hlist ol{counter-reset:listitem}.mw-parser-output .hlist ol>li{counter-increment:listitem}.mw-parser-output .hlist ol>li::before{content:" "counter(listitem)"\a0 "}.mw-parser-output .hlist dd ol>li:first-child::before,.mw-parser-output .hlist dt ol>li:first-child::before,.mw-parser-output .hlist li ol>li:first-child::before{content:" ("counter(listitem)"\a0 "}</style><style data-mw-deduplicate="TemplateStyles:r1246091330">.mw-parser-output .sidebar{width:22em;float:right;clear:right;margin:0.5em 0 1em 1em;background:var(--background-color-neutral-subtle,#f8f9fa);border:1px solid var(--border-color-base,#a2a9b1);padding:0.2em;text-align:center;line-height:1.4em;font-size:88%;border-collapse:collapse;display:table}body.skin-minerva .mw-parser-output .sidebar{display:table!important;float:right!important;margin:0.5em 0 1em 1em!important}.mw-parser-output .sidebar-subgroup{width:100%;margin:0;border-spacing:0}.mw-parser-output .sidebar-left{float:left;clear:left;margin:0.5em 1em 1em 0}.mw-parser-output .sidebar-none{float:none;clear:both;margin:0.5em 1em 1em 0}.mw-parser-output .sidebar-outer-title{padding:0 0.4em 0.2em;font-size:125%;line-height:1.2em;font-weight:bold}.mw-parser-output .sidebar-top-image{padding:0.4em}.mw-parser-output .sidebar-top-caption,.mw-parser-output .sidebar-pretitle-with-top-image,.mw-parser-output .sidebar-caption{padding:0.2em 0.4em 0;line-height:1.2em}.mw-parser-output .sidebar-pretitle{padding:0.4em 0.4em 0;line-height:1.2em}.mw-parser-output .sidebar-title,.mw-parser-output .sidebar-title-with-pretitle{padding:0.2em 0.8em;font-size:145%;line-height:1.2em}.mw-parser-output .sidebar-title-with-pretitle{padding:0.1em 0.4em}.mw-parser-output .sidebar-image{padding:0.2em 0.4em 0.4em}.mw-parser-output .sidebar-heading{padding:0.1em 0.4em}.mw-parser-output .sidebar-content{padding:0 0.5em 0.4em}.mw-parser-output .sidebar-content-with-subgroup{padding:0.1em 0.4em 0.2em}.mw-parser-output .sidebar-above,.mw-parser-output .sidebar-below{padding:0.3em 0.8em;font-weight:bold}.mw-parser-output .sidebar-collapse .sidebar-above,.mw-parser-output .sidebar-collapse .sidebar-below{border-top:1px solid #aaa;border-bottom:1px solid #aaa}.mw-parser-output .sidebar-navbar{text-align:right;font-size:115%;padding:0 0.4em 0.4em}.mw-parser-output .sidebar-list-title{padding:0 0.4em;text-align:left;font-weight:bold;line-height:1.6em;font-size:105%}.mw-parser-output .sidebar-list-title-c{padding:0 0.4em;text-align:center;margin:0 3.3em}@media(max-width:640px){body.mediawiki .mw-parser-output .sidebar{width:100%!important;clear:both;float:none!important;margin-left:0!important;margin-right:0!important}}body.skin--responsive .mw-parser-output .sidebar a>img{max-width:none!important}@media screen{html.skin-theme-clientpref-night .mw-parser-output .sidebar:not(.notheme) .sidebar-list-title,html.skin-theme-clientpref-night .mw-parser-output .sidebar:not(.notheme) .sidebar-title-with-pretitle{background:transparent!important}html.skin-theme-clientpref-night .mw-parser-output .sidebar:not(.notheme) .sidebar-title-with-pretitle a{color:var(--color-progressive)!important}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .sidebar:not(.notheme) .sidebar-list-title,html.skin-theme-clientpref-os .mw-parser-output .sidebar:not(.notheme) .sidebar-title-with-pretitle{background:transparent!important}html.skin-theme-clientpref-os .mw-parser-output .sidebar:not(.notheme) .sidebar-title-with-pretitle a{color:var(--color-progressive)!important}}@media print{body.ns-0 .mw-parser-output .sidebar{display:none!important}}</style><table class="sidebar nomobile nowraplinks hlist"><tbody><tr><th class="sidebar-title"><a href="/wiki/Internet_protocol_suite" title="Internet protocol suite">Internet protocol suite</a></th></tr><tr><th class="sidebar-heading"> <a href="/wiki/Application_layer" title="Application layer">Application layer</a></th></tr><tr><td class="sidebar-content"> <ul><li><a href="/wiki/Border_Gateway_Protocol" title="Border Gateway Protocol">BGP</a></li> <li><a href="/wiki/Dynamic_Host_Configuration_Protocol" title="Dynamic Host Configuration Protocol">DHCP</a> (<a href="/wiki/DHCPv6" title="DHCPv6">v6</a>)</li> <li><a href="/wiki/Domain_Name_System" title="Domain Name System">DNS</a></li> <li><a href="/wiki/File_Transfer_Protocol" title="File Transfer Protocol">FTP</a></li> <li><a href="/wiki/HTTP" title="HTTP">HTTP</a> (<a href="/wiki/HTTP/3" title="HTTP/3">HTTP/3</a>)</li> <li><a href="/wiki/HTTPS" title="HTTPS">HTTPS</a></li> <li><a href="/wiki/Internet_Message_Access_Protocol" title="Internet Message Access Protocol">IMAP</a></li> <li><a href="/wiki/IRC" title="IRC">IRC</a></li> <li><a href="/wiki/Lightweight_Directory_Access_Protocol" title="Lightweight Directory Access Protocol">LDAP</a></li> <li><a href="/wiki/Media_Gateway_Control_Protocol" title="Media Gateway Control Protocol">MGCP</a></li> <li><a href="/wiki/MQTT" title="MQTT">MQTT</a></li> <li><a href="/wiki/Network_News_Transfer_Protocol" title="Network News Transfer Protocol">NNTP</a></li> <li><a href="/wiki/Network_Time_Protocol" title="Network Time Protocol">NTP</a></li> <li><a href="/wiki/Open_Shortest_Path_First" title="Open Shortest Path First">OSPF</a></li> <li><a href="/wiki/Post_Office_Protocol" title="Post Office Protocol">POP</a></li> <li><a href="/wiki/Precision_Time_Protocol" title="Precision Time Protocol">PTP</a></li> <li><a href="/wiki/Open_Network_Computing_Remote_Procedure_Call" class="mw-redirect" title="Open Network Computing Remote Procedure Call">ONC/RPC</a></li> <li><a href="/wiki/Real-time_Transport_Protocol" title="Real-time Transport Protocol">RTP</a></li> <li><a href="/wiki/Real_Time_Streaming_Protocol" class="mw-redirect" title="Real Time Streaming Protocol">RTSP</a></li> <li><a href="/wiki/Routing_Information_Protocol" title="Routing Information Protocol">RIP</a></li> <li><a href="/wiki/Session_Initiation_Protocol" title="Session Initiation Protocol">SIP</a></li> <li><a href="/wiki/Simple_Mail_Transfer_Protocol" title="Simple Mail Transfer Protocol">SMTP</a></li> <li><a href="/wiki/Simple_Network_Management_Protocol" title="Simple Network Management Protocol">SNMP</a></li> <li><a href="/wiki/Secure_Shell" title="Secure Shell">SSH</a></li> <li><a href="/wiki/Telnet" title="Telnet">Telnet</a></li> <li><a class="mw-selflink selflink">TLS/SSL</a></li> <li><a href="/wiki/XMPP" title="XMPP">XMPP</a></li> <li><a href="/wiki/Category:Application_layer_protocols" title="Category:Application layer protocols">more...</a></li></ul></td> </tr><tr><th class="sidebar-heading"> <a href="/wiki/Transport_layer" title="Transport layer">Transport layer</a></th></tr><tr><td class="sidebar-content"> <ul><li><a href="/wiki/Transmission_Control_Protocol" title="Transmission Control Protocol">TCP</a></li> <li><a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">UDP</a></li> <li><a href="/wiki/Datagram_Congestion_Control_Protocol" title="Datagram Congestion Control Protocol">DCCP</a></li> <li><a href="/wiki/Stream_Control_Transmission_Protocol" title="Stream Control Transmission Protocol">SCTP</a></li> <li><a href="/wiki/Resource_Reservation_Protocol" title="Resource Reservation Protocol">RSVP</a></li> <li><a href="/wiki/QUIC" title="QUIC">QUIC</a></li> <li><a href="/wiki/Category:Transport_layer_protocols" title="Category:Transport layer protocols">more...</a></li></ul></td> </tr><tr><th class="sidebar-heading"> <a href="/wiki/Internet_layer" title="Internet layer">Internet layer</a></th></tr><tr><td class="sidebar-content"> <ul><li><a href="/wiki/Internet_Protocol" title="Internet Protocol">IP</a> <ul><li><a href="/wiki/IPv4" title="IPv4">v4</a></li> <li><a href="/wiki/IPv6" title="IPv6">v6</a></li></ul></li> <li><a href="/wiki/Internet_Control_Message_Protocol" title="Internet Control Message Protocol">ICMP</a> (<a href="/wiki/ICMPv6" title="ICMPv6">v6</a>)</li> <li><a href="/wiki/Neighbor_Discovery_Protocol" title="Neighbor Discovery Protocol">NDP</a></li> <li><a href="/wiki/Explicit_Congestion_Notification" title="Explicit Congestion Notification">ECN</a></li> <li><a href="/wiki/Internet_Group_Management_Protocol" title="Internet Group Management Protocol">IGMP</a></li> <li><a href="/wiki/IPsec" title="IPsec">IPsec</a></li> <li><a href="/wiki/Category:Internet_layer_protocols" title="Category:Internet layer protocols">more...</a></li></ul></td> </tr><tr><th class="sidebar-heading"> <a href="/wiki/Link_layer" title="Link layer">Link layer</a></th></tr><tr><td class="sidebar-content"> <ul><li><a href="/wiki/Address_Resolution_Protocol" title="Address Resolution Protocol">ARP</a></li> <li><a href="/wiki/Tunneling_protocol" title="Tunneling protocol">Tunnels</a></li> <li><a href="/wiki/Point-to-Point_Protocol" title="Point-to-Point Protocol">PPP</a></li> <li><a href="/wiki/Medium_access_control" title="Medium access control">MAC</a></li> <li><a href="/wiki/Category:Link_protocols" title="Category:Link protocols">more...</a></li></ul></td> </tr><tr><td class="sidebar-navbar"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1239400231">.mw-parser-output .navbar{display:inline;font-size:88%;font-weight:normal}.mw-parser-output .navbar-collapse{float:left;text-align:left}.mw-parser-output .navbar-boxtext{word-spacing:0}.mw-parser-output .navbar ul{display:inline-block;white-space:nowrap;line-height:inherit}.mw-parser-output .navbar-brackets::before{margin-right:-0.125em;content:"[ "}.mw-parser-output .navbar-brackets::after{margin-left:-0.125em;content:" ]"}.mw-parser-output .navbar li{word-spacing:-0.125em}.mw-parser-output .navbar a>span,.mw-parser-output .navbar a>abbr{text-decoration:inherit}.mw-parser-output .navbar-mini abbr{font-variant:small-caps;border-bottom:none;text-decoration:none;cursor:inherit}.mw-parser-output .navbar-ct-full{font-size:114%;margin:0 7em}.mw-parser-output .navbar-ct-mini{font-size:114%;margin:0 4em}html.skin-theme-clientpref-night .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}@media(prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .navbar li a abbr{color:var(--color-base)!important}}@media print{.mw-parser-output .navbar{display:none!important}}</style><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Internet_protocol_suite" title="Template:Internet protocol suite"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Internet_protocol_suite" title="Template talk:Internet protocol suite"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Internet_protocol_suite" title="Special:EditPage/Template:Internet protocol suite"><abbr title="Edit this template">e</abbr></a></li></ul></div></td></tr></tbody></table> Transport Layer Security (TLS) is a <a href="/wiki/Cryptographic_protocol" title="Cryptographic protocol">cryptographic protocol</a> designed to provide communications security over a computer network, such as the <a href="/wiki/Internet" title="Internet">Internet</a>. The <a href="/wiki/Communication_protocol" title="Communication protocol">protocol</a> is widely used in applications such as <a href="/wiki/Email" title="Email">email</a>, <a href="/wiki/Instant_messaging" title="Instant messaging">instant messaging</a>, and <a href="/wiki/Voice_over_IP" title="Voice over IP">voice over IP</a>, but its use in securing <a href="/wiki/HTTPS" title="HTTPS">HTTPS</a> remains the most publicly visible. The TLS protocol aims primarily to provide security, including <a href="/wiki/Privacy" title="Privacy">privacy</a> (confidentiality), integrity, and authenticity through the use of <a href="/wiki/Cryptography" title="Cryptography">cryptography</a>, such as the use of <a href="/wiki/Public_key_certificate" title="Public key certificate">certificates</a>, between two or more communicating computer applications. It runs in the <a href="/wiki/Presentation_layer" title="Presentation layer">presentation layer</a> and is itself composed of two layers: the TLS record and the TLS <a href="/wiki/Handshake_(computing)" title="Handshake (computing)">handshake protocols</a>. The closely related Datagram Transport Layer Security (DTLS) is a <a href="/wiki/Communications_protocol" class="mw-redirect" title="Communications protocol">communications protocol</a> that provides <a href="/wiki/Communications_security" title="Communications security">security</a> to <a href="/wiki/Datagram" title="Datagram">datagram</a>-based applications. In technical writing, references to "(D)TLS" are often seen when it applies to both versions.<a href="#cite_note-1">[1]</a> TLS is a proposed <a href="/wiki/Internet_Engineering_Task_Force" title="Internet Engineering Task Force">Internet Engineering Task Force</a> (IETF) standard, first defined in 1999, and the current version is TLS 1.3, defined in August 2018. TLS builds on the now-deprecated SSL (Secure Sockets Layer) specifications (1994, 1995, 1996) developed by <a href="/wiki/Netscape_Communications" class="mw-redirect" title="Netscape Communications">Netscape Communications</a> for adding the HTTPS protocol to their <a href="/wiki/Netscape_Navigator" title="Netscape Navigator">Netscape Navigator</a> web browser. <meta property="mw:PageProp/toc" /> <div class="mw-heading mw-heading2"><h2 id="Description">Description</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=1" title="Edit section: Description">edit</a>]</div> <a href="/wiki/Client%E2%80%93server_model" title="Client–server model">Client-server</a> applications use the TLS <a href="/wiki/Cryptographic_protocol" title="Cryptographic protocol">protocol</a> to communicate across a network in a way designed to prevent <a href="/wiki/Eavesdropping" title="Eavesdropping">eavesdropping</a> and <a href="/wiki/Tamper-evident" class="mw-redirect" title="Tamper-evident">tampering</a>. Since applications can communicate either with or without TLS (or SSL), it is necessary for the <a href="/wiki/Client_(computing)" title="Client (computing)">client</a> to request that the <a href="/wiki/Server_(computing)" title="Server (computing)">server</a> set up a TLS connection.<a href="#cite_note-:0-2">[2]</a> One of the main ways of achieving this is to use a different <a href="/wiki/Port_(computer_networking)" title="Port (computer networking)">port number</a> for TLS connections. Port 80 is typically used for unencrypted <a href="/wiki/Hypertext_Transfer_Protocol" class="mw-redirect" title="Hypertext Transfer Protocol">HTTP</a> traffic while port 443 is the common port used for encrypted <a href="/wiki/HTTPS" title="HTTPS">HTTPS</a> traffic. Another mechanism is to make a protocol-specific <a href="/wiki/Opportunistic_TLS" title="Opportunistic TLS">STARTTLS</a> request to the server to switch the connection to TLS – for example, when using the mail and <a href="/wiki/Usenet" title="Usenet">news</a> protocols. Once the client and server have agreed to use TLS, they negotiate a <a href="/wiki/State_(computer_science)" title="State (computer science)">stateful</a> connection by using a handshaking procedure (see <a href="#TLS_handshake">§ TLS handshake</a>).<a href="#cite_note-3">[3]</a> The protocols use a handshake with an <a href="/wiki/Asymmetric_cipher" class="mw-redirect" title="Asymmetric cipher">asymmetric cipher</a> to establish not only cipher settings but also a session-specific shared key with which further communication is encrypted using a <a href="/wiki/Symmetric_cipher" class="mw-redirect" title="Symmetric cipher">symmetric cipher</a>. During this handshake, the client and server agree on various parameters used to establish the connection's security: <ul><li>The handshake begins when a client connects to a TLS-enabled server requesting a secure connection and the client presents a list of supported <a href="/wiki/Cipher_suite" title="Cipher suite">cipher suites</a> (<a href="/wiki/Encryption" title="Encryption">ciphers</a> and <a href="/wiki/Hash_function" title="Hash function">hash functions</a>).</li> <li>From this list, the server picks a cipher and hash function that it also supports and notifies the client of the decision.</li> <li>The server usually then provides identification in the form of a <a href="/wiki/Public_key_certificate" title="Public key certificate">digital certificate</a>. The certificate contains the <a href="/wiki/Hostname" title="Hostname">server name</a>, the trusted <a href="/wiki/Certificate_authority" title="Certificate authority">certificate authority</a> (CA) that vouches for the authenticity of the certificate, and the server's public encryption key.</li> <li>The client confirms the validity of the certificate before proceeding.</li> <li>To generate the session keys used for the secure connection, the client either: <ul><li>encrypts a <a href="/wiki/Random_number_generation" title="Random number generation">random number</a> (PreMasterSecret) with the server's public key and sends the result to the server (which only the server should be able to decrypt with its private key); both parties then use the random number to generate a unique session key for subsequent encryption and decryption of data during the session, or</li> <li>uses <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">Diffie–Hellman key exchange</a> (or its variant <a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">elliptic-curve DH</a>) to securely generate a random and unique session key for encryption and decryption that has the additional property of <a href="/wiki/Forward_secrecy" title="Forward secrecy">forward secrecy</a>: if the server's private key is disclosed in future, it cannot be used to decrypt the current session, even if the session is intercepted and recorded by a third party.</li></ul></li></ul> This concludes the handshake and begins the secured connection, which is encrypted and decrypted with the session key until the connection closes. If any one of the above steps fails, then the TLS handshake fails and the connection is not created. TLS and SSL do not fit neatly into any single layer of the <a href="/wiki/OSI_model" title="OSI model">OSI model</a> or the <a href="/wiki/Internet_protocol_suite" title="Internet protocol suite">TCP/IP model</a>.<a href="#cite_note-ccnp-4">[4]</a><a href="#cite_note-stackex_layer-5">[5]</a> TLS runs "on top of some reliable transport protocol (e.g., TCP),"<a href="#cite_note-rfc8446-6">[6]</a>: §1  which would imply that it is above the <a href="/wiki/Transport_layer" title="Transport layer">transport layer</a>. It serves encryption to higher layers, which is normally the function of the <a href="/wiki/Presentation_layer" title="Presentation layer">presentation layer</a>. However, applications generally use TLS as if it were a transport layer,<a href="#cite_note-ccnp-4">[4]</a><a href="#cite_note-stackex_layer-5">[5]</a> even though applications using TLS must actively control initiating TLS handshakes and handling of exchanged authentication certificates.<a href="#cite_note-rfc8446-6">[6]</a>: §1  When secured by TLS, connections between a client (e.g., a web browser) and a server (e.g., wikipedia.org) will have all of the following properties:<a href="#cite_note-rfc8446-6">[6]</a>: §1  <ul><li>The connection is private (or has confidentiality) because a <a href="/wiki/Symmetric-key_algorithm" title="Symmetric-key algorithm">symmetric-key algorithm</a> is used to encrypt the data transmitted. The keys for this symmetric encryption are generated uniquely for each connection and are based on a shared secret that was negotiated at the start of the session. The server and client negotiate the details of which encryption algorithm and cryptographic keys to use before the first byte of data is transmitted (see below). The negotiation of a shared secret is both secure (the negotiated secret is unavailable to eavesdroppers and cannot be obtained, even by an attacker who places themselves in the middle of the connection) and reliable (no attacker can modify the communications during the negotiation without being detected).</li> <li>The identity of the communicating parties can be authenticated using <a href="/wiki/Public-key_cryptography" title="Public-key cryptography">public-key cryptography</a>. This authentication is required for the server and optional for the client.</li> <li>The connection is reliable (or has integrity) because each message transmitted includes a message integrity check using a <a href="/wiki/Message_authentication_code" title="Message authentication code">message authentication code</a> to prevent undetected loss or alteration of the data during transmission.</li></ul> TLS supports many different methods for exchanging keys, encrypting data, and authenticating message integrity. As a result, secure configuration of TLS involves many configurable parameters, and not all choices provide all of the privacy-related properties described in the list above (see the tables below <a href="#Key_exchange_or_key_agreement">§ Key exchange</a>, <a href="#Cipher">§ Cipher security</a>, and <a href="#Data_integrity">§ Data integrity</a>). Attempts have been made to subvert aspects of the communications security that TLS seeks to provide, and the protocol has been revised several times to address these security threats. Developers of web browsers have repeatedly revised their products to defend against potential security weaknesses after these were discovered (see TLS/SSL support history of web browsers). <div class="mw-heading mw-heading3"><h3 id="Datagram_Transport_Layer_Security">Datagram Transport Layer Security</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=2" title="Edit section: Datagram Transport Layer Security">edit</a>]</div> Datagram Transport Layer Security, abbreviated DTLS, is a related <a href="/wiki/Communications_protocol" class="mw-redirect" title="Communications protocol">communications protocol</a> providing <a href="/wiki/Communications_security" title="Communications security">security</a> to <a href="/wiki/Datagram" title="Datagram">datagram</a>-based applications by allowing them to communicate in a way designed<a href="#cite_note-RFC_4347-7">[7]</a><a href="#cite_note-RFC_6347-8">[8]</a> to prevent <a href="/wiki/Eavesdropping" title="Eavesdropping">eavesdropping</a>, <a href="/wiki/Man_in_the_middle_attack" class="mw-redirect" title="Man in the middle attack">tampering</a>, or <a href="/wiki/Message_forgery" title="Message forgery">message forgery</a>. The DTLS protocol is based on the <a href="/wiki/Stream_(computing)" title="Stream (computing)">stream</a>-oriented Transport Layer Security (TLS) protocol and is intended to provide similar security guarantees. However, unlike TLS, it can be used with most datagram oriented protocols including <a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">User Datagram Protocol</a> (UDP), <a href="/wiki/Datagram_Congestion_Control_Protocol" title="Datagram Congestion Control Protocol">Datagram Congestion Control Protocol</a> (DCCP), <a href="/wiki/CAPWAP" title="CAPWAP">Control And Provisioning of Wireless Access Points</a> (CAPWAP), <a href="/wiki/Stream_Control_Transmission_Protocol" title="Stream Control Transmission Protocol">Stream Control Transmission Protocol</a> (SCTP) encapsulation, and <a href="/wiki/Secure_Real-time_Transport_Protocol" title="Secure Real-time Transport Protocol">Secure Real-time Transport Protocol</a> (SRTP). As the DTLS protocol datagram preserves the semantics of the underlying transport—the application it does not suffer from the delays associated with stream protocols, however the application has to deal with <a href="/wiki/Packet_reordering" class="mw-redirect" title="Packet reordering">packet reordering</a>, loss of datagram and data larger than the size of a datagram <a href="/wiki/Network_packet" title="Network packet">network packet</a>. Because DTLS uses UDP or SCTP rather than TCP, it avoids the <a href="/wiki/TCP_meltdown_problem" class="mw-redirect" title="TCP meltdown problem">TCP meltdown problem</a>,<a href="#cite_note-9">[9]</a><a href="#cite_note-10">[10]</a> when being used to create a VPN tunnel. The original 2006 release of DTLS version 1.0 was not a standalone document. It was given as a series of deltas to TLS 1.1.<a href="#cite_note-11">[11]</a> Similarly the follow-up 2012 release of DTLS is a delta to TLS 1.2. It was given the version number of DTLS 1.2 to match its TLS version. Lastly, the 2022 DTLS 1.3 is a delta to TLS 1.3. Like the two previous versions, DTLS 1.3 is intended to provide "equivalent security guarantees [to TLS 1.3] with the exception of order protection/non-replayability".<a href="#cite_note-12">[12]</a> Many <a href="/wiki/Virtual_private_network" title="Virtual private network">VPN clients</a> including <a href="/wiki/Cisco" title="Cisco">Cisco</a> <a href="/wiki/AnyConnect" class="mw-redirect" title="AnyConnect">AnyConnect</a><a href="#cite_note-13">[13]</a> & InterCloud Fabric,<a href="#cite_note-14">[14]</a> <a href="/wiki/OpenConnect" title="OpenConnect">OpenConnect</a>,<a href="#cite_note-15">[15]</a> <a href="/wiki/Zscaler" title="Zscaler">ZScaler</a> tunnel,<a href="#cite_note-16">[16]</a> F5 Networks <a href="/wiki/F5_Networks#BIG-IP_product_modules" class="mw-redirect" title="F5 Networks">Edge VPN Client</a>,<a href="#cite_note-17">[17]</a> and Citrix Systems <a href="/wiki/Citrix_Systems#Networking_and_cloud" title="Citrix Systems">NetScaler</a><a href="#cite_note-18">[18]</a> use DTLS to secure UDP traffic. In addition all modern web browsers support DTLS-SRTP<a href="#cite_note-19">[19]</a> for <a href="/wiki/WebRTC" title="WebRTC">WebRTC</a>. <div class="mw-heading mw-heading2"><h2 id="History_and_development">History and development</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=3" title="Edit section: History and development">edit</a>]</div> <table class="wikitable sortable" style="float:right;text-align:center;margin-left:1em"> <caption>SSL and TLS protocols </caption> <tbody><tr> <th scope="col">Protocol </th> <th scope="col">Published </th> <th scope="col">Status </th></tr> <tr> <td scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="SSL 1.0">Old version, no longer maintained: SSL 1.0 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">Unpublished </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">Unpublished </td></tr> <tr> <td scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="SSL 2.0">Old version, no longer maintained: SSL 2.0 </td> <td>1995 </td> <td>Deprecated in 2011 (<style data-mw-deduplicate="TemplateStyles:r1238218222">.mw-parser-output cite.citation{font-style:inherit;word-wrap:break-word}.mw-parser-output .citation q{quotes:"\"""\"""'""'"}.mw-parser-output .citation:target{background-color:rgba(0,127,255,0.133)}.mw-parser-output .id-lock-free.id-lock-free a{background:url("//upload.wikimedia.org/wikipedia/commons/6/65/Lock-green.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-limited.id-lock-limited a,.mw-parser-output .id-lock-registration.id-lock-registration a{background:url("//upload.wikimedia.org/wikipedia/commons/d/d6/Lock-gray-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .id-lock-subscription.id-lock-subscription a{background:url("//upload.wikimedia.org/wikipedia/commons/a/aa/Lock-red-alt-2.svg")right 0.1em center/9px no-repeat}.mw-parser-output .cs1-ws-icon a{background:url("//upload.wikimedia.org/wikipedia/commons/4/4c/Wikisource-logo.svg")right 0.1em center/12px no-repeat}body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-free a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-limited a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-registration a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .id-lock-subscription a,body:not(.skin-timeless):not(.skin-minerva) .mw-parser-output .cs1-ws-icon a{background-size:contain;padding:0 1em 0 0}.mw-parser-output .cs1-code{color:inherit;background:inherit;border:none;padding:inherit}.mw-parser-output .cs1-hidden-error{display:none;color:var(--color-error,#d33)}.mw-parser-output .cs1-visible-error{color:var(--color-error,#d33)}.mw-parser-output .cs1-maint{display:none;color:#085;margin-left:0.3em}.mw-parser-output .cs1-kern-left{padding-left:0.2em}.mw-parser-output .cs1-kern-right{padding-right:0.2em}.mw-parser-output .citation .mw-selflink{font-weight:inherit}@media screen{.mw-parser-output .cs1-format{font-size:95%}html.skin-theme-clientpref-night .mw-parser-output .cs1-maint{color:#18911f}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .cs1-maint{color:#18911f}}</style>RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6176">6176</a>) </td></tr> <tr> <td scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="SSL 3.0">Old version, no longer maintained: SSL 3.0 </td> <td>1996 </td> <td>Deprecated in 2015 (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7568">7568</a>) </td></tr> <tr> <td scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="TLS 1.0">Old version, no longer maintained: TLS 1.0 </td> <td>1999 </td> <td>Deprecated in 2021 (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8996">8996</a>)<a href="#cite_note-tls-deprecation-20">[20]</a><a href="#cite_note-:3-21">[21]</a><a href="#cite_note-:4-22">[22]</a> </td></tr> <tr> <td scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="TLS 1.1">Old version, no longer maintained: TLS 1.1 </td> <td>2006 </td> <td>Deprecated in 2021 (<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8996">8996</a>)<a href="#cite_note-tls-deprecation-20">[20]</a><a href="#cite_note-:3-21">[21]</a><a href="#cite_note-:4-22">[22]</a> </td></tr> <tr> <td scope="row" class="templateVersion co" style="color:black; background-color: #FEF8C6;" title="Old version, yet still maintained" data-sort-value="TLS 1.2">Old version, yet still maintained: TLS 1.2 </td> <td>2008 </td> <td>In use since 2008<a href="#cite_note-rfc5246-23">[23]</a><a href="#cite_note-ncsc-24">[24]</a> </td></tr> <tr> <td scope="row" class="templateVersion c" style="color:black; background-color: #D4F4B4;" title="Current stable version" data-sort-value="TLS 1.3">Current stable version: TLS 1.3 </td> <td>2018 </td> <td>In use since 2018<a href="#cite_note-ncsc-24">[24]</a><a href="#cite_note-25">[25]</a> </td></tr></tbody></table> <div class="mw-heading mw-heading3"><h3 id="Secure_Data_Network_System">Secure Data Network System</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=4" title="Edit section: Secure Data Network System">edit</a>]</div> The Transport Layer Security Protocol (TLS), together with several other basic network security platforms, was developed through a joint initiative begun in August 1986, among the National Security Agency, the National Bureau of Standards, the Defense Communications Agency, and twelve communications and computer corporations who initiated a special project called the Secure Data Network System (SDNS).<a href="#cite_note-26">[26]</a> The program was described in September 1987 at the 10th National Computer Security Conference in an extensive set of published papers. The innovative research program focused on designing the next generation of secure computer communications network and product specifications to be implemented for applications on public and private internets. It was intended to complement the rapidly emerging new OSI internet standards moving forward both in the U.S. government's GOSIP Profiles and in the huge ITU-ISO JTC1 internet effort internationally. Originally known as the SP4 protocol, it was renamed TLS and subsequently published in 1995 as international standard ITU-T X.274|ISO/IEC 10736:1995. <div class="mw-heading mw-heading3"><h3 id="Secure_Network_Programming_(SNP)">Secure Network Programming (SNP)</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=5" title="Edit section: Secure Network Programming (SNP)">edit</a>]</div> Early research efforts towards transport layer security included the <a href="/wiki/Secure_Network_Programming" title="Secure Network Programming">Secure Network Programming</a> (SNP) <a href="/wiki/Application_programming_interface" class="mw-redirect" title="Application programming interface">application programming interface</a> (API), which in 1993 explored the approach of having a secure transport layer API closely resembling <a href="/wiki/Berkeley_sockets" title="Berkeley sockets">Berkeley sockets</a>, to facilitate retrofitting pre-existing network applications with security measures. SNP was published and presented in the 1994 <a href="/wiki/USENIX" title="USENIX">USENIX</a> Summer Technical Conference.<a href="#cite_note-Woo94-27">[27]</a><a href="#cite_note-28">[28]</a> The SNP project was funded by a grant from <a href="/wiki/National_Security_Agency" title="National Security Agency">NSA</a> to Professor <a href="/wiki/Simon_Lam" class="mw-redirect" title="Simon Lam">Simon Lam</a> at <a href="/wiki/University_of_Texas_at_Austin" title="University of Texas at Austin">UT-Austin</a> in 1991.<a href="#cite_note-29">[29]</a> <a href="/wiki/Secure_Network_Programming" title="Secure Network Programming">Secure Network Programming</a> won the 2004 <a href="/wiki/ACM_Software_System_Award" title="ACM Software System Award">ACM Software System Award</a>.<a href="#cite_note-30">[30]</a><a href="#cite_note-31">[31]</a> Simon Lam was inducted into the <a href="/wiki/Internet_Hall_of_Fame" title="Internet Hall of Fame">Internet Hall of Fame</a> for "inventing secure sockets and implementing the first secure sockets layer, named SNP, in 1993."<a href="#cite_note-32">[32]</a><a href="#cite_note-33">[33]</a> <div class="mw-heading mw-heading3"><h3 id="SSL_1.0,_2.0,_and_3.0">SSL 1.0, 2.0, and 3.0</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=6" title="Edit section: SSL 1.0, 2.0, and 3.0">edit</a>]</div> <style data-mw-deduplicate="TemplateStyles:r1236090951">.mw-parser-output .hatnote{font-style:italic}.mw-parser-output div.hatnote{padding-left:1.6em;margin-bottom:0.5em}.mw-parser-output .hatnote i{font-style:normal}.mw-parser-output .hatnote+link+.hatnote{margin-top:-0.5em}@media print{body.ns-0 .mw-parser-output .hatnote{display:none!important}}</style><div role="note" class="hatnote navigation-not-searchable">"SSL 1" redirects here. For the enzyme, see <a href="/wiki/Presqualene_diphosphate_synthase" title="Presqualene diphosphate synthase">Presqualene diphosphate synthase</a>.</div> Netscape developed the original SSL protocols, and <a href="/wiki/Taher_Elgamal" title="Taher Elgamal">Taher Elgamal</a>, chief scientist at <a href="/wiki/Netscape" title="Netscape">Netscape Communications</a> from 1995 to 1998, has been described as the "father of SSL".<a href="#cite_note-Messmer-34">[34]</a><a href="#cite_note-Greene-35">[35]</a><a href="#cite_note-Oppliger-36">[36]</a><a href="#cite_note-37">[37]</a> SSL version 1.0 was never publicly released because of serious security flaws in the protocol. Version 2.0, after being released in February 1995 was quickly found to contain a number of security and usability flaws. It used the same cryptographic keys for message authentication and encryption. It had a weak MAC construction that used the MD5 hash function with a secret prefix, making it vulnerable to length extension attacks. It also provided no protection for either the opening handshake or an explicit message close, both of which meant <a href="/wiki/Man-in-the-middle_attacks" class="mw-redirect" title="Man-in-the-middle attacks">man-in-the-middle attacks</a> could go undetected. Moreover, SSL 2.0 assumed a single service and a fixed domain certificate, conflicting with the widely used feature of virtual hosting in Web servers, so most websites were effectively impaired from using SSL. These flaws necessitated the complete redesign of the protocol to SSL version 3.0.<a href="#cite_note-38">[38]</a><a href="#cite_note-Oppliger-36">[36]</a> Released in 1996, it was produced by <a href="/wiki/Paul_Carl_Kocher" title="Paul Carl Kocher">Paul Kocher</a> working with Netscape engineers Phil Karlton and Alan Freier, with a reference implementation by Christopher Allen and Tim Dierks of Certicom. Newer versions of SSL/TLS are based on SSL 3.0. The 1996 draft of SSL 3.0 was published by IETF as a historical document in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6101">6101</a>. SSL 2.0 was deprecated in 2011 by <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6176">6176</a>. In 2014, SSL 3.0 was found to be vulnerable to the <a href="/wiki/POODLE" title="POODLE">POODLE</a> attack that affects all <a href="/wiki/Block_cipher" title="Block cipher">block ciphers</a> in SSL; <a href="/wiki/RC4" title="RC4">RC4</a>, the only non-block cipher supported by SSL 3.0, is also feasibly broken as used in SSL 3.0.<a href="#cite_note-Poodle-39">[39]</a> SSL 3.0 was deprecated in June 2015 by <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7568">7568</a>. <div class="mw-heading mw-heading3"><h3 id="TLS_1.0">TLS 1.0</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=7" title="Edit section: TLS 1.0">edit</a>]</div> TLS 1.0 was first defined in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2246">2246</a> in January 1999 as an upgrade of SSL Version 3.0, and written by Christopher Allen and Tim Dierks of Certicom. As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1.0 and SSL 3.0". Tim Dierks later wrote that these changes, and the renaming from "SSL" to "TLS", were a face-saving gesture to Microsoft, "so it wouldn't look [like] the IETF was just rubberstamping Netscape's protocol".<a href="#cite_note-40">[40]</a> The <a href="/wiki/Payment_Card_Industry_Security_Standards_Council" title="Payment Card Industry Security Standards Council">PCI Council</a> suggested that organizations migrate from TLS 1.0 to TLS 1.1 or higher before June 30, 2018.<a href="#cite_note-41">[41]</a><a href="#cite_note-42">[42]</a> In October 2018, <a href="/wiki/Apple_Inc." title="Apple Inc.">Apple</a>, <a href="/wiki/Google" title="Google">Google</a>, <a href="/wiki/Microsoft" title="Microsoft">Microsoft</a>, and <a href="/wiki/Mozilla" title="Mozilla">Mozilla</a> jointly announced they would deprecate TLS 1.0 and 1.1 in March 2020.<a href="#cite_note-tls-deprecation-20">[20]</a> TLS 1.0 and 1.1 were formally deprecated in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8996">8996</a> in March 2021. <div class="mw-heading mw-heading3"><h3 id="TLS_1.1">TLS 1.1</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=8" title="Edit section: TLS 1.1">edit</a>]</div> TLS 1.1 was defined in RFC 4346 in April 2006.<a href="#cite_note-rfc4346-43">[43]</a> It is an update from TLS version 1.0. Significant differences in this version include: <ul><li>Added protection against <a href="/wiki/Block_cipher_mode_of_operation#Cipher_Block_Chaining_(CBC)" title="Block cipher mode of operation">cipher-block chaining</a> (CBC) attacks. <ul><li>The implicit <a href="/wiki/Initialization_vector" title="Initialization vector">initialization vector</a> (IV) was replaced with an explicit IV.</li> <li>Change in handling of <a href="/wiki/Block_cipher_mode_of_operation#Padding" title="Block cipher mode of operation">padding errors</a>.</li></ul></li> <li>Support for <a href="/wiki/Internet_Assigned_Numbers_Authority" title="Internet Assigned Numbers Authority">IANA</a> registration of parameters.<a href="#cite_note-urlnvlpubs.nist.gov-44">[44]</a></li></ul> Support for TLS versions 1.0 and 1.1 was widely deprecated by web sites around 2020, disabling access to <a href="/wiki/Firefox" title="Firefox">Firefox</a> versions before 24 and <a href="/wiki/Chromium_(web_browser)" title="Chromium (web browser)">Chromium-based browsers</a> before 29.<a href="#cite_note-45">[45]</a><a href="#cite_note-46">[46]</a> <div class="mw-heading mw-heading3"><h3 id="TLS_1.2">TLS 1.2</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=9" title="Edit section: TLS 1.2">edit</a>]</div> TLS 1.2 was defined in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5246">5246</a> in August 2008.<a href="#cite_note-rfc5246-23">[23]</a> It is based on the earlier TLS 1.1 specification. Major differences include: <ul><li>The <a href="/wiki/MD5" title="MD5">MD5</a> and <a href="/wiki/SHA-1" title="SHA-1">SHA-1</a> combination in the <a href="/wiki/Pseudorandom_function_family" title="Pseudorandom function family">pseudorandom function</a> (PRF) was replaced with <a href="/wiki/SHA-256" class="mw-redirect" title="SHA-256">SHA-256</a>, with an option to use <a href="/wiki/Cipher_suite" title="Cipher suite">cipher suite</a> specified PRFs.</li> <li>The MD5 and SHA-1 combination in the finished message <a href="/wiki/Hash_function" title="Hash function">hash</a> was replaced with SHA-256, with an option to use cipher suite specific hash algorithms. However, the size of the hash in the finished message must still be at least 96 <a href="/wiki/Bit" title="Bit">bits</a>.<a href="#cite_note-rfc5246-23">[23]</a>: §7.4.9 </li> <li>The MD5 and SHA-1 combination in the digitally signed element was replaced with a single hash negotiated during <a href="/wiki/Handshake_(computing)" title="Handshake (computing)">handshake</a>, which defaults to SHA-1.</li> <li>Enhancement in the client's and server's ability to specify which hashes and signature algorithms they accept.</li> <li>Expansion of support for <a href="/wiki/Authenticated_encryption" title="Authenticated encryption">authenticated encryption</a> ciphers, used mainly for <a href="/wiki/Galois/Counter_Mode" title="Galois/Counter Mode">Galois/Counter Mode</a> (GCM) and <a href="/wiki/CCM_mode" title="CCM mode">CCM mode</a> of <a href="/wiki/Advanced_Encryption_Standard" title="Advanced Encryption Standard">Advanced Encryption Standard</a> (AES) encryption.</li> <li>TLS Extensions definition and AES cipher suites were added.<a href="#cite_note-urlnvlpubs.nist.gov-44">[44]</a></li></ul> All TLS versions were further refined in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6176">6176</a> in March 2011, removing their backward compatibility with SSL such that TLS sessions never negotiate the use of Secure Sockets Layer (SSL) version 2.0. There is currently no formal date for TLS 1.2 to be deprecated. The specifications for TLS 1.2 became redefined as well by the Standards Track Document <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8446">8446</a> to keep it as secure as possible; it is to be seen as a failover protocol now, meant only to be negotiated with clients which are unable to talk over TLS 1.3 (The original RFC 5246 definition for TLS 1.2 is since then obsolete). <div class="mw-heading mw-heading3"><h3 id="TLS_1.3">TLS 1.3</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=10" title="Edit section: TLS 1.3">edit</a>]</div> TLS 1.3 was defined in RFC 8446 in August 2018.<a href="#cite_note-rfc8446-6">[6]</a> It is based on the earlier TLS 1.2 specification. Major differences from TLS 1.2 include:<a href="#cite_note-WolfSSL,_2019-47">[47]</a> <ul><li>Separating key agreement and authentication algorithms from the cipher suites<a href="#cite_note-urlnvlpubs.nist.gov-44">[44]</a><a href="#cite_note-rfc8446-6">[6]</a>: §11 </li> <li>Removing support for weak and less-used named <a href="/wiki/Elliptic-curve_cryptography" title="Elliptic-curve cryptography">elliptic curves</a></li> <li>Removing support for MD5 and SHA-224 <a href="/wiki/Cryptographic_hash_function" title="Cryptographic hash function">cryptographic hash functions</a></li> <li>Requiring digital signatures even when a previous configuration is used</li> <li>Integrating <a href="/wiki/HKDF" title="HKDF">HKDF</a> and the semi-ephemeral DH proposal</li> <li>Replacing resumption with <a href="/wiki/TLS-PSK" title="TLS-PSK">PSK</a> and tickets</li> <li>Supporting 1-<a href="/wiki/Round-trip_delay_time" class="mw-redirect" title="Round-trip delay time">RTT</a> handshakes and initial support for 0-<a href="/wiki/Round-trip_delay_time" class="mw-redirect" title="Round-trip delay time">RTT</a></li> <li>Mandating perfect <a href="/wiki/Forward_secrecy" title="Forward secrecy">forward secrecy</a>, by means of using ephemeral keys during the (EC)DH key agreement</li> <li>Dropping support for many insecure or obsolete features including <a href="/wiki/Data_compression" title="Data compression">compression</a>, renegotiation, non-<a href="/wiki/Authenticated_encryption" title="Authenticated encryption">AEAD</a> ciphers, <a href="/wiki/Null_encryption" title="Null encryption">null ciphers</a>,<a href="#cite_note-48">[48]</a> non-<a href="/wiki/Forward_secrecy" title="Forward secrecy">PFS</a> key exchange (among which are static <a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a> and static <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DH</a> key exchanges), custom <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DHE</a> groups, EC point format negotiation, Change Cipher Spec protocol, Hello message UNIX time, and the length field AD input to AEAD ciphers</li> <li>Prohibiting SSL or RC4 negotiation for backwards compatibility</li> <li>Integrating use of session hash</li> <li>Deprecating use of the record layer version number and freezing the number for improved backwards compatibility</li> <li>Moving some security-related algorithm details from an appendix to the specification and relegating ClientKeyShare to an appendix</li> <li>Adding the <a href="/wiki/ChaCha20" class="mw-redirect" title="ChaCha20">ChaCha20</a> stream cipher with the <a href="/wiki/Poly1305" title="Poly1305">Poly1305</a> message authentication code</li> <li>Adding the <a href="/wiki/Ed25519" class="mw-redirect" title="Ed25519">Ed25519</a> and <a href="/wiki/Ed448" class="mw-redirect" title="Ed448">Ed448</a> digital signature algorithms</li> <li>Adding the <a href="/wiki/X25519" class="mw-redirect" title="X25519">x25519</a> and <a href="/wiki/X448" class="mw-redirect" title="X448">x448</a> key exchange protocols</li> <li>Adding support for sending multiple <a href="/wiki/Online_Certificate_Status_Protocol" title="Online Certificate Status Protocol">OCSP</a> responses</li> <li>Encrypting all handshake messages after the ServerHello</li></ul> <a href="/wiki/Network_Security_Services" title="Network Security Services">Network Security Services</a> (NSS), the cryptography library developed by <a href="/wiki/Mozilla" title="Mozilla">Mozilla</a> and used by its web browser <a href="/wiki/Firefox" title="Firefox">Firefox</a>, enabled TLS 1.3 by default in February 2017.<a href="#cite_note-NSS-3.29-49">[49]</a> TLS 1.3 support was subsequently added — but due to compatibility issues for a small number of users, not automatically enabled<a href="#cite_note-50">[50]</a> — to <a href="/wiki/History_of_Firefox#Firefox_52_through_59" class="mw-redirect" title="History of Firefox">Firefox 52.0</a>, which was released in March 2017. TLS 1.3 was enabled by default in May 2018 with the release of <a href="/wiki/History_of_Firefox#Firefox_60_through_67" class="mw-redirect" title="History of Firefox">Firefox 60.0</a>.<a href="#cite_note-51">[51]</a> <a href="/wiki/Google_Chrome" title="Google Chrome">Google Chrome</a> set TLS 1.3 as the default version for a short time in 2017. It then removed it as the default, due to incompatible middleboxes such as <a href="/wiki/Blue_Coat_Systems" title="Blue Coat Systems">Blue Coat web proxies</a>.<a href="#cite_note-52">[52]</a> The intolerance of the new version of TLS was <a href="/wiki/Protocol_ossification" title="Protocol ossification">protocol ossification</a>; middleboxes had ossified the protocol's version parameter. As a result, version 1.3 mimics the <a href="/wiki/Wire_image_(networking)" class="mw-redirect" title="Wire image (networking)">wire image</a> of version 1.2. This change occurred very late in the design process, only having been discovered during browser deployment.<a href="#cite_note-53">[53]</a> The discovery of this intolerance also led to the prior version negotiation strategy, where the highest matching version was picked, being abandoned due to unworkable levels of ossification.<a href="#cite_note-Thomson-54">[54]</a> '<a href="/wiki/Grease_(networking)" class="mw-redirect" title="Grease (networking)">Greasing</a>' an extension point, where one protocol participant claims support for non-existent extensions to ensure that unrecognised-but-actually-existent extensions are tolerated and so to resist ossification, was originally designed for TLS, but it has since been adopted elsewhere.<a href="#cite_note-Thomson-54">[54]</a> During the IETF 100 <a href="/wiki/Hackathon" title="Hackathon">Hackathon</a>, which took place in <a href="/wiki/Singapore" title="Singapore">Singapore</a> in 2017, the TLS Group worked on adapting <a href="/wiki/Open-source_software" title="Open-source software">open-source applications</a> to use TLS 1.3.<a href="#cite_note-55">[55]</a><a href="#cite_note-ietf-hackathon-56">[56]</a> The TLS group was made up of individuals from Japan, United Kingdom, and Mauritius via the cyberstorm.mu team.<a href="#cite_note-ietf-hackathon-56">[56]</a> This work was continued in the IETF 101 Hackathon in <a href="/wiki/London" title="London">London</a>,<a href="#cite_note-57">[57]</a> and the IETF 102 Hackathon in Montreal.<a href="#cite_note-58">[58]</a> <a href="/wiki/WolfSSL" title="WolfSSL">wolfSSL</a> enabled the use of TLS 1.3 as of version 3.11.1, released in May 2017.<a href="#cite_note-59">[59]</a> As the first commercial TLS 1.3 implementation, wolfSSL 3.11.1 supported Draft 18 and now supports Draft 28,<a href="#cite_note-60">[60]</a> the final version, as well as many older versions. A series of blogs were published on the performance difference between TLS 1.2 and 1.3.<a href="#cite_note-61">[61]</a> In <time datetime="2018-09-11T12:00:00+00:00">September 2018</time>, the popular <a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a> project released version 1.1.1 of its library, in which support for TLS 1.3 was "the headline new feature".<a href="#cite_note-62">[62]</a> Support for TLS 1.3 was added to <a href="/wiki/Security_Support_Provider_Interface" title="Security Support Provider Interface">Secure Channel</a> (schannel) for the <abbr title="General Availability">GA</abbr> releases of <a href="/wiki/Windows_11" title="Windows 11">Windows 11</a> and <a href="/wiki/Windows_Server_2022" title="Windows Server 2022">Windows Server 2022</a>.<a href="#cite_note-63">[63]</a> <div class="mw-heading mw-heading4"><h4 id="Enterprise_Transport_Security">Enterprise Transport Security</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=11" title="Edit section: Enterprise Transport Security">edit</a>]</div> The <a href="/wiki/Electronic_Frontier_Foundation" title="Electronic Frontier Foundation">Electronic Frontier Foundation</a> praised TLS 1.3 and expressed concern about the variant protocol Enterprise Transport Security (ETS) that intentionally disables important security measures in TLS 1.3.<a href="#cite_note-:5-64">[64]</a> Originally called Enterprise TLS (eTLS), ETS is a published standard known as the '<a href="/wiki/ETSI" class="mw-redirect" title="ETSI">ETSI</a> TS103523-3', "Middlebox Security Protocol, Part3: Enterprise Transport Security". It is intended for use entirely within proprietary networks such as banking systems. ETS does not support forward secrecy so as to allow third-party organizations connected to the proprietary networks to be able to use their private key to monitor network traffic for the detection of malware and to make it easier to conduct audits.<a href="#cite_note-65">[65]</a><a href="#cite_note-66">[66]</a> Despite the claimed benefits, the EFF warned that the loss of forward secrecy could make it easier for data to be exposed along with saying that there are better ways to analyze traffic.<a href="#cite_note-:5-64">[64]</a> <div class="mw-heading mw-heading2"><h2 id="Digital_certificates">Digital certificates</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=12" title="Edit section: Digital certificates">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Public_key_certificate" title="Public key certificate">Public key certificate</a></div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Let%E2%80%99s_Encrypt_example_certificate_on_Firefox_94_screenshot.png" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/3/32/Let%E2%80%99s_Encrypt_example_certificate_on_Firefox_94_screenshot.png/220px-Let%E2%80%99s_Encrypt_example_certificate_on_Firefox_94_screenshot.png" decoding="async" width="220" height="236" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/3/32/Let%E2%80%99s_Encrypt_example_certificate_on_Firefox_94_screenshot.png/330px-Let%E2%80%99s_Encrypt_example_certificate_on_Firefox_94_screenshot.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/3/32/Let%E2%80%99s_Encrypt_example_certificate_on_Firefox_94_screenshot.png/440px-Let%E2%80%99s_Encrypt_example_certificate_on_Firefox_94_screenshot.png 2x" data-file-width="763" data-file-height="817" /></a><figcaption>Example of a website with digital certificate</figcaption></figure> A digital certificate certifies the ownership of a public key by the named subject of the certificate, and indicates certain expected usages of that key. This allows others (relying parties) to rely upon signatures or on assertions made by the private key that corresponds to the certified public key. Keystores and trust stores can be in various formats, such as <a href="/wiki/Privacy-Enhanced_Mail" title="Privacy-Enhanced Mail">.pem</a>, .crt, <a href="/wiki/PKCS_12" title="PKCS 12">.pfx</a>, and <a href="/wiki/Java_KeyStore" title="Java KeyStore">.jks</a>. <div class="mw-heading mw-heading3"><h3 id="Certificate_authorities">Certificate authorities</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=13" title="Edit section: Certificate authorities">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Certificate_authority" title="Certificate authority">Certificate authority</a></div> TLS typically relies on a set of trusted third-party certificate authorities to establish the authenticity of certificates. Trust is usually anchored in a list of certificates distributed with user agent software,<a href="#cite_note-67">[67]</a> and can be modified by the relying party. According to <a href="/wiki/Netcraft" title="Netcraft">Netcraft</a>, who monitors active TLS certificates, the market-leading certificate authority (CA) has been <a href="/wiki/NortonLifeLock" class="mw-redirect" title="NortonLifeLock">Symantec</a> since the beginning of their survey (or <a href="/wiki/Verisign" title="Verisign">VeriSign</a> before the authentication services business unit was purchased by Symantec). As of 2015, Symantec accounted for just under a third of all certificates and 44% of the valid certificates used by the 1 million busiest websites, as counted by Netcraft.<a href="#cite_note-68">[68]</a> In 2017, Symantec sold its TLS/SSL business to DigiCert.<a href="#cite_note-69">[69]</a> In an updated report, it was shown that <a href="/wiki/IdenTrust" title="IdenTrust">IdenTrust</a>, <a href="/wiki/DigiCert" title="DigiCert">DigiCert</a>, and <a href="/wiki/Sectigo" class="mw-redirect" title="Sectigo">Sectigo</a> are the top 3 certificate authorities in terms of market share since May 2019.<a href="#cite_note-70">[70]</a> As a consequence of choosing <a href="/wiki/X.509" title="X.509">X.509</a> certificates, certificate authorities and a <a href="/wiki/Public_key_infrastructure" title="Public key infrastructure">public key infrastructure</a> are necessary to verify the relation between a certificate and its owner, as well as to generate, sign, and administer the validity of certificates. While this can be more convenient than verifying the identities via a <a href="/wiki/Web_of_trust" title="Web of trust">web of trust</a>, the <a href="/wiki/Global_surveillance_disclosures_(2013%E2%80%93present)" class="mw-redirect" title="Global surveillance disclosures (2013–present)">2013 mass surveillance disclosures</a> made it more widely known that certificate authorities are a weak point from a security standpoint, allowing <a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">man-in-the-middle attacks</a> (MITM) if the certificate authority cooperates (or is compromised).<a href="#cite_note-71">[71]</a><a href="#cite_note-72">[72]</a> <div class="mw-heading mw-heading3"><h3 id="Importance_of_SSL_Certificates">Importance of SSL Certificates</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=14" title="Edit section: Importance of SSL Certificates">edit</a>]</div> <ul><li>Encryption: SSL certificates encrypt data sent between a web server and a user’s browser, ensuring that sensitive information is protected throughout transmission. This encryption technology stops unauthorized parties from intercepting and interpreting data, so protecting it from possible risks such as hacking or data breaches.</li> <li>Authentication: SSL certificates also offer authentication, certifying the integrity of a website and that visitors are connecting to the correct server rather than a malicious impostor. This authentication method helps consumers gain trust by ensuring that they are dealing with a trustworthy and secure website.</li> <li>Integrity: Another important role of SSL certificates is to ensure data integrity. SSL uses cryptographic techniques to verify that data communicated between the server and the browser is intact and unmodified during transit. This keeps malevolent actors from interfering with the data, ensuring its integrity and trustworthiness.</li></ul> <div class="mw-heading mw-heading2"><h2 id="Algorithms">Algorithms</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=15" title="Edit section: Algorithms">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/Cipher_suite" title="Cipher suite">Cipher suite</a></div> <div class="mw-heading mw-heading3"><h3 id="Key_exchange_or_key_agreement">Key exchange or key agreement</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=16" title="Edit section: Key exchange or key agreement">edit</a>]</div> Before a client and server can begin to exchange information protected by TLS, they must securely exchange or agree upon an encryption key and a cipher to use when encrypting data (see <a href="#Cipher">§ Cipher</a>). Among the methods used for key exchange/agreement are: public and private keys generated with <a href="/wiki/RSA_(algorithm)" class="mw-redirect" title="RSA (algorithm)">RSA</a> (denoted TLS_RSA in the TLS handshake protocol), <a href="/wiki/Diffie%E2%80%93Hellman" class="mw-redirect" title="Diffie–Hellman">Diffie–Hellman</a> (TLS_DH), ephemeral Diffie–Hellman (TLS_DHE), <a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">elliptic-curve Diffie–Hellman</a> (TLS_ECDH), ephemeral elliptic-curve Diffie–Hellman (TLS_ECDHE), <a href="/wiki/Key-agreement_protocol#Exponential_key_exchange" title="Key-agreement protocol">anonymous Diffie–Hellman</a> (TLS_DH_anon),<a href="#cite_note-rfc5246-23">[23]</a> <a href="/wiki/TLS-PSK" title="TLS-PSK">pre-shared key</a> (TLS_PSK)<a href="#cite_note-RFC4279-73">[73]</a> and <a href="/wiki/TLS-SRP" title="TLS-SRP">Secure Remote Password</a> (TLS_SRP).<a href="#cite_note-RFC5054-74">[74]</a> The TLS_DH_anon and TLS_ECDH_anon key agreement methods do not authenticate the server or the user and hence are rarely used because those are vulnerable to <a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">man-in-the-middle attacks</a>. Only TLS_DHE and TLS_ECDHE provide <a href="#Forward_secrecy">forward secrecy</a>. Public key certificates used during exchange/agreement also vary in the size of the public/private encryption keys used during the exchange and hence the robustness of the security provided. In July 2013, <a href="/wiki/Google" title="Google">Google</a> announced that it would no longer use 1024-bit public keys and would switch instead to 2048-bit keys to increase the security of the TLS encryption it provides to its users because the encryption strength is directly related to the <a href="/wiki/Key_size" title="Key size">key size</a>.<a href="#cite_note-75">[75]</a><a href="#cite_note-76">[76]</a> <table class="wikitable" style="text-align:center"> <caption>Key exchange/agreement and authentication </caption> <tbody><tr> <th scope="col">Algorithm </th> <th scope="col">SSL 2.0 </th> <th scope="col">SSL 3.0 </th> <th scope="col">TLS 1.0 </th> <th scope="col">TLS 1.1 </th> <th scope="col">TLS 1.2 </th> <th scope="col">TLS 1.3 </th> <th scope="col">Status </th></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a> </th> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td rowspan="21">Defined for TLS 1.2 in RFCs </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DH</a>-<a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DHE</a>-<a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a> (<a href="#Forward_secrecy">forward secrecy</a>) </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDH</a>-<a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDHE</a>-<a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a> (forward secrecy) </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DH</a>-<a href="/wiki/Digital_Signature_Algorithm" title="Digital Signature Algorithm">DSS</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DHE</a>-<a href="/wiki/Digital_Signature_Algorithm" title="Digital Signature Algorithm">DSS</a> (forward secrecy) </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No<a href="#cite_note-77">[77]</a> </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DHE</a>-<a href="/wiki/Elliptic_Curve_DSA" class="mw-redirect" title="Elliptic Curve DSA">ECDSA</a> (forward secrecy) </th> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDH</a>-<a href="/wiki/Elliptic_Curve_DSA" class="mw-redirect" title="Elliptic Curve DSA">ECDSA</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDHE</a>-<a href="/wiki/Elliptic_Curve_DSA" class="mw-redirect" title="Elliptic Curve DSA">ECDSA</a> (forward secrecy) </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DHE</a>-<a href="/wiki/EdDSA" title="EdDSA">EdDSA</a> (forward secrecy) </th> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDH</a>-<a href="/wiki/EdDSA" title="EdDSA">EdDSA</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No </td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDHE</a>-<a href="/wiki/EdDSA" title="EdDSA">EdDSA</a> (forward secrecy)<a href="#cite_note-78">[78]</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No </td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/TLS-PSK" title="TLS-PSK">PSK</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a>-<a href="/wiki/Pre-shared_key" title="Pre-shared key">PSK</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DHE</a>-<a href="/wiki/Pre-shared_key" title="Pre-shared key">PSK</a> (forward secrecy) </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDHE</a>-<a href="/wiki/Pre-shared_key" title="Pre-shared key">PSK</a> (forward secrecy) </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/TLS-SRP" title="TLS-SRP">SRP</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/Secure_Remote_Password_protocol" title="Secure Remote Password protocol">SRP</a>-<a href="/wiki/Digital_Signature_Algorithm" title="Digital Signature Algorithm">DSS</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/Secure_Remote_Password_protocol" title="Secure Remote Password protocol">SRP</a>-<a href="/wiki/RSA_(cryptosystem)" title="RSA (cryptosystem)">RSA</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No </td></tr> <tr> <th style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends"><a href="/wiki/Kerberos_(protocol)" title="Kerberos (protocol)">Kerberos</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background: var(--background-color-interactive, #EEE); color: var(--color-base, black); vertical-align: middle; white-space: nowrap; text-align: center;" class="table-Unknown">? </td></tr> <tr> <th style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no"><a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DH</a>-ANON (insecure) </th> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">No </td></tr> <tr> <th style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no"><a href="/wiki/Elliptic-curve_Diffie%E2%80%93Hellman" title="Elliptic-curve Diffie–Hellman">ECDH</a>-ANON (insecure) </th> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">No </td></tr> <tr> <th style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2"><a href="/wiki/GOST" title="GOST">GOST R 34.10-2012</a><a href="#cite_note-gostlink-79">[79]</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td> <td>Defined for TLS 1.2 and for TLS 1.3 in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9189">9189</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9367">9367</a>. </td></tr></tbody></table> <div class="mw-heading mw-heading3"><h3 id="Cipher">Cipher</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=17" title="Edit section: Cipher">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/Cipher_suite" title="Cipher suite">Cipher suite</a>, <a href="/wiki/Block_cipher" title="Block cipher">Block cipher</a>, and <a href="/wiki/Cipher_security_summary" title="Cipher security summary">Cipher security summary</a></div> <table class="wikitable" style="text-align:center"> <caption><a href="/wiki/Cipher" title="Cipher">Cipher</a> security against publicly known feasible attacks </caption> <tbody><tr> <th colspan="3">Cipher</th> <th colspan="6">Protocol version</th> <th rowspan="2">Status </th></tr> <tr> <th>Type </th> <th>Algorithm </th> <th>Nominal strength (bits) </th> <th>SSL 2.0 </th> <th>SSL 3.0<a href="#cite_note-rfc5746-80">[n 1]</a><a href="#cite_note-renegotiation-81">[n 2]</a><a href="#cite_note-BEAST-82">[n 3]</a><a href="#cite_note-POODLEciphertable-83">[n 4]</a> </th> <th>TLS 1.0<a href="#cite_note-rfc5746-80">[n 1]</a><a href="#cite_note-BEAST-82">[n 3]</a> </th> <th>TLS 1.1<a href="#cite_note-rfc5746-80">[n 1]</a> </th> <th>TLS 1.2<a href="#cite_note-rfc5746-80">[n 1]</a> </th> <th>TLS 1.3 </th></tr> <tr> <th rowspan="17"><a href="/wiki/Block_cipher" title="Block cipher">Block cipher</a> with <a href="/wiki/Block_cipher_mode_of_operation" title="Block cipher mode of operation">mode of operation</a> </th> <th><a href="/wiki/Advanced_Encryption_Standard" title="Advanced Encryption Standard">AES</a> <a href="/wiki/Galois/Counter_Mode" title="Galois/Counter Mode">GCM</a><a href="#cite_note-aes-gcm-84">[80]</a><a href="#cite_note-aead-85">[n 5]</a> </th> <td rowspan="3">256, 128 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure</td> <td rowspan="9">Defined for TLS 1.2 in RFCs </td></tr> <tr> <th><a href="/wiki/Advanced_Encryption_Standard" title="Advanced Encryption Standard">AES</a> <a href="/wiki/CCM_mode" title="CCM mode">CCM</a><a href="#cite_note-aes-ccm-86">[81]</a><a href="#cite_note-aead-85">[n 5]</a> </th> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure </td></tr> <tr> <th><a href="/wiki/Advanced_Encryption_Standard" title="Advanced Encryption Standard">AES</a> <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a><a href="#cite_note-Lucky13-87">[n 6]</a> </th> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th><a href="/wiki/Camellia_(cipher)" title="Camellia (cipher)">Camellia</a> <a href="/wiki/Galois/Counter_Mode" title="Galois/Counter Mode">GCM</a><a href="#cite_note-camellia-gcm-88">[82]</a><a href="#cite_note-aead-85">[n 5]</a> </th> <td rowspan="2">256, 128 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th><a href="/wiki/Camellia_(cipher)" title="Camellia (cipher)">Camellia</a> <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a><a href="#cite_note-camellia-cbc-89">[83]</a><a href="#cite_note-Lucky13-87">[n 6]</a> </th> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th><a href="/wiki/ARIA_(cipher)" title="ARIA (cipher)">ARIA</a> <a href="/wiki/Galois/Counter_Mode" title="Galois/Counter Mode">GCM</a><a href="#cite_note-aria-90">[84]</a><a href="#cite_note-aead-85">[n 5]</a> </th> <td rowspan="2">256, 128 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th><a href="/wiki/ARIA_(cipher)" title="ARIA (cipher)">ARIA</a> <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a><a href="#cite_note-aria-90">[84]</a><a href="#cite_note-Lucky13-87">[n 6]</a> </th> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th><a href="/wiki/SEED_(cipher)" class="mw-redirect" title="SEED (cipher)">SEED</a> <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a><a href="#cite_note-seed-cbc-91">[85]</a><a href="#cite_note-Lucky13-87">[n 6]</a> </th> <td>128 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on mitigations</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th><a href="/wiki/Triple_DES" title="Triple DES">3DES EDE</a> <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a><a href="#cite_note-Lucky13-87">[n 6]</a><a href="#cite_note-Sweet32-93">[n 7]</a> </th> <td>112<a href="#cite_note-3des-96">[n 8]</a> </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th><a href="/wiki/GOST_(block_cipher)" title="GOST (block cipher)">GOST R 34.12-2015 Magma</a> <a href="/wiki/Block_cipher_mode_of_operation#Counter_(CTR)" title="Block cipher mode of operation">CTR</a><a href="#cite_note-gostlink-79">[79]</a><a href="#cite_note-Sweet32-93">[n 7]</a> </th> <td>256 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td>Defined in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4357">4357</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9189">9189</a> </td></tr> <tr> <th><a href="/wiki/Kuznyechik" title="Kuznyechik">GOST R 34.12-2015 Kuznyechik</a> <a href="/wiki/Block_cipher_mode_of_operation#Counter_(CTR)" title="Block cipher mode of operation">CTR</a><a href="#cite_note-gostlink-79">[79]</a> </th> <td>256 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td>Defined in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9189">9189</a> </td></tr> <tr> <th><a href="/wiki/GOST_(block_cipher)" title="GOST (block cipher)">GOST R 34.12-2015 Magma</a> <a href="/wiki/Authenticated_encryption" title="Authenticated encryption">MGM</a><a href="#cite_note-gostlink-79">[79]</a><a href="#cite_note-aead-85">[n 5]</a><a href="#cite_note-Sweet32-93">[n 7]</a> </th> <td>256 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure </td> <td>Defined in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9367">9367</a> </td></tr> <tr> <th><a href="/wiki/Kuznyechik" title="Kuznyechik">GOST R 34.12-2015 Kuznyechik</a> <a href="/wiki/Authenticated_encryption" title="Authenticated encryption">MGM</a><a href="#cite_note-gostlink-79">[79]</a><a href="#cite_note-aead-85">[n 5]</a> </th> <td>256 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure </td> <td>Defined in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9367">9367</a> </td></tr> <tr> <th><a href="/wiki/International_Data_Encryption_Algorithm" title="International Data Encryption Algorithm">IDEA</a> <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a><a href="#cite_note-Lucky13-87">[n 6]</a><a href="#cite_note-Sweet32-93">[n 7]</a><a href="#cite_note-removal_from_tls1.2-98">[n 9]</a> </th> <td>128 </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td rowspan="2">Removed from TLS 1.2 </td></tr> <tr> <th rowspan="2"><a href="/wiki/Data_Encryption_Standard" title="Data Encryption Standard">DES</a> <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a><a href="#cite_note-Lucky13-87">[n 6]</a><a href="#cite_note-Sweet32-93">[n 7]</a><a href="#cite_note-removal_from_tls1.2-98">[n 9]</a> </th> <td>056 </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <td>040<a href="#cite_note-EXPORT-99">[n 10]</a> </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td rowspan="2">Forbidden in TLS 1.1 and later </td></tr> <tr> <th><a href="/wiki/RC2" title="RC2">RC2</a> <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a><a href="#cite_note-Lucky13-87">[n 6]</a><a href="#cite_note-Sweet32-93">[n 7]</a> </th> <td>040<a href="#cite_note-EXPORT-99">[n 10]</a> </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th rowspan="3"><a href="/wiki/Stream_cipher" title="Stream cipher">Stream cipher</a> </th> <th><a href="/wiki/ChaCha20" class="mw-redirect" title="ChaCha20">ChaCha20</a>-<a href="/wiki/Poly1305" title="Poly1305">Poly1305</a><a href="#cite_note-chacha20poly1305-100">[90]</a><a href="#cite_note-aead-85">[n 5]</a> </th> <td>256 </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure</td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure</td> <td>Defined for TLS 1.2 in RFCs </td></tr> <tr> <th rowspan="2"><a href="/wiki/RC4" title="RC4">RC4</a><a href="#cite_note-RC4-101">[n 11]</a> </th> <td>128 </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td rowspan="2">Prohibited in all versions of TLS by <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7465">7465</a> </td></tr> <tr> <td>040<a href="#cite_note-EXPORT-99">[n 10]</a> </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th>None </th> <th>Null<a href="#cite_note-102">[n 12]</a> </th> <td>– </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure</td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">—</td> <td>Defined for TLS 1.2 in RFCs </td></tr></tbody></table> <dl><dt>Notes</dt></dl> <style data-mw-deduplicate="TemplateStyles:r1239543626">.mw-parser-output .reflist{margin-bottom:0.5em;list-style-type:decimal}@media screen{.mw-parser-output .reflist{font-size:90%}}.mw-parser-output .reflist .references{font-size:100%;margin-bottom:0;list-style-type:inherit}.mw-parser-output .reflist-columns-2{column-width:30em}.mw-parser-output .reflist-columns-3{column-width:25em}.mw-parser-output .reflist-columns{margin-top:0.3em}.mw-parser-output .reflist-columns ol{margin-top:0}.mw-parser-output .reflist-columns li{page-break-inside:avoid;break-inside:avoid-column}.mw-parser-output .reflist-upper-alpha{list-style-type:upper-alpha}.mw-parser-output .reflist-upper-roman{list-style-type:upper-roman}.mw-parser-output .reflist-lower-alpha{list-style-type:lower-alpha}.mw-parser-output .reflist-lower-greek{list-style-type:lower-greek}.mw-parser-output .reflist-lower-roman{list-style-type:lower-roman}</style><div class="reflist"> <div class="mw-references-wrap mw-references-columns"><ol class="references"> <li id="cite_note-rfc5746-80">^ <a href="#cite_ref-rfc5746_80-0">a</a> <a href="#cite_ref-rfc5746_80-1">b</a> <a href="#cite_ref-rfc5746_80-2">c</a> <a href="#cite_ref-rfc5746_80-3">d</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5746">5746</a> must be implemented to fix a renegotiation flaw that would otherwise break this protocol. </li> <li id="cite_note-renegotiation-81"><a href="#cite_ref-renegotiation_81-0">^</a> If libraries implement fixes listed in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5746">5746</a>, this violates the SSL 3.0 specification, which the IETF cannot change unlike TLS. Most current libraries implement the fix and disregard the violation that this causes. </li> <li id="cite_note-BEAST-82">^ <a href="#cite_ref-BEAST_82-0">a</a> <a href="#cite_ref-BEAST_82-1">b</a> The <a href="#BEAST_attack">BEAST</a> attack breaks all block ciphers (CBC ciphers) used in SSL 3.0 and TLS 1.0 unless mitigated by the client or the server. See <a href="#Web_browsers">§ Web browsers</a>. </li> <li id="cite_note-POODLEciphertable-83"><a href="#cite_ref-POODLEciphertable_83-0">^</a> The <a href="/wiki/POODLE" title="POODLE">POODLE</a> attack breaks all block ciphers (CBC ciphers) used in SSL 3.0 unless mitigated by the client or the server. See <a href="#Web_browsers">§ Web browsers</a>. </li> <li id="cite_note-aead-85">^ <a href="#cite_ref-aead_85-0">a</a> <a href="#cite_ref-aead_85-1">b</a> <a href="#cite_ref-aead_85-2">c</a> <a href="#cite_ref-aead_85-3">d</a> <a href="#cite_ref-aead_85-4">e</a> <a href="#cite_ref-aead_85-5">f</a> <a href="#cite_ref-aead_85-6">g</a> <a href="/wiki/AEAD_block_cipher_modes_of_operation" class="mw-redirect" title="AEAD block cipher modes of operation">AEAD</a> ciphers (such as <a href="/wiki/Galois/Counter_Mode" title="Galois/Counter Mode">GCM</a> and <a href="/wiki/CCM_mode" title="CCM mode">CCM</a>) can only be used in TLS 1.2 or later. </li> <li id="cite_note-Lucky13-87">^ <a href="#cite_ref-Lucky13_87-0">a</a> <a href="#cite_ref-Lucky13_87-1">b</a> <a href="#cite_ref-Lucky13_87-2">c</a> <a href="#cite_ref-Lucky13_87-3">d</a> <a href="#cite_ref-Lucky13_87-4">e</a> <a href="#cite_ref-Lucky13_87-5">f</a> <a href="#cite_ref-Lucky13_87-6">g</a> <a href="#cite_ref-Lucky13_87-7">h</a> CBC ciphers can be attacked with the <a href="/wiki/Lucky_Thirteen_attack" title="Lucky Thirteen attack">Lucky Thirteen attack</a> if the library is not written carefully to eliminate timing side channels. </li> <li id="cite_note-Sweet32-93">^ <a href="#cite_ref-Sweet32_93-0">a</a> <a href="#cite_ref-Sweet32_93-1">b</a> <a href="#cite_ref-Sweet32_93-2">c</a> <a href="#cite_ref-Sweet32_93-3">d</a> <a href="#cite_ref-Sweet32_93-4">e</a> <a href="#cite_ref-Sweet32_93-5">f</a> The <a href="/wiki/Sweet32" class="mw-redirect" title="Sweet32">Sweet32</a> attack breaks block ciphers with a block size of 64 bits.<a href="#cite_note-Sweet32-92">[86]</a> </li> <li id="cite_note-3des-96"><a href="#cite_ref-3des_96-0">^</a> Although the key length of 3DES is 168 bits, effective security strength of 3DES is only 112 bits,<a href="#cite_note-NIST_SP_800-57-94">[87]</a> which is below the recommended minimum of 128 bits.<a href="#cite_note-best-practices-95">[88]</a> </li> <li id="cite_note-removal_from_tls1.2-98">^ <a href="#cite_ref-removal_from_tls1.2_98-0">a</a> <a href="#cite_ref-removal_from_tls1.2_98-1">b</a> IDEA and DES have been removed from TLS 1.2.<a href="#cite_note-97">[89]</a> </li> <li id="cite_note-EXPORT-99">^ <a href="#cite_ref-EXPORT_99-0">a</a> <a href="#cite_ref-EXPORT_99-1">b</a> <a href="#cite_ref-EXPORT_99-2">c</a> 40-bit strength cipher suites were intentionally designed with reduced key lengths to comply with since-rescinded US regulations forbidding the export of cryptographic software containing certain strong encryption algorithms (see <a href="/wiki/Export_of_cryptography_from_the_United_States" title="Export of cryptography from the United States">Export of cryptography from the United States</a>). These weak suites are forbidden in TLS 1.1 and later. </li> <li id="cite_note-RC4-101"><a href="#cite_ref-RC4_101-0">^</a> Use of RC4 in all versions of TLS is prohibited by <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7465">7465</a> (because <a href="#RC4_attacks">RC4 attacks</a> weaken or break RC4 used in SSL/TLS). </li> <li id="cite_note-102"><a href="#cite_ref-102">^</a> Authentication only, no encryption. </li> </ol></div></div> <div class="mw-heading mw-heading3"><h3 id="Data_integrity">Data integrity</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=18" title="Edit section: Data integrity">edit</a>]</div> A <a href="/wiki/Message_authentication_code" title="Message authentication code">message authentication code</a> (MAC) is used for data integrity. <a href="/wiki/HMAC" title="HMAC">HMAC</a> is used for <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">CBC</a> mode of block ciphers. <a href="/wiki/Authenticated_encryption" title="Authenticated encryption">Authenticated encryption</a> (AEAD) such as <a href="/wiki/Galois/Counter_Mode" title="Galois/Counter Mode">GCM</a> and <a href="/wiki/CCM_mode" title="CCM mode">CCM mode</a> uses AEAD-integrated MAC and does not use <a href="/wiki/HMAC" title="HMAC">HMAC</a>.<a href="#cite_note-rfc8446-6">[6]</a>: §8.4  HMAC-based <a href="/wiki/Pseudorandom_function_family" title="Pseudorandom function family">PRF</a>, or <a href="/wiki/HKDF" title="HKDF">HKDF</a> is used for TLS handshake. <table class="wikitable" style="text-align:center"> <caption>Data integrity </caption> <tbody><tr> <th scope="col">Algorithm </th> <th scope="col">SSL 2.0 </th> <th scope="col">SSL 3.0 </th> <th scope="col">TLS 1.0 </th> <th scope="col">TLS 1.1 </th> <th scope="col">TLS 1.2 </th> <th scope="col">TLS 1.3 </th> <th scope="col">Status </th></tr> <tr> <th scope="row"><a href="/wiki/HMAC" title="HMAC">HMAC</a>-<a href="/wiki/MD5" title="MD5">MD5</a> </th> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td rowspan="4">Defined for TLS 1.2 in RFCs </td></tr> <tr> <th scope="row"><a href="/wiki/HMAC" title="HMAC">HMAC</a>-<a href="/wiki/SHA-1" title="SHA-1">SHA1</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No </td></tr> <tr> <th scope="row"><a href="/wiki/HMAC" title="HMAC">HMAC</a>-<a href="/wiki/SHA-2" title="SHA-2">SHA256/384</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No </td></tr> <tr> <th scope="row"><a href="/wiki/AEAD_block_cipher_modes_of_operation" class="mw-redirect" title="AEAD block cipher modes of operation">AEAD</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes </td></tr> <tr> <th scope="row"><a href="/wiki/GOST_28147-89" class="mw-redirect" title="GOST 28147-89">GOST 28147-89 IMIT</a><a href="#cite_note-gostlink-79">[79]</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td>Defined for TLS 1.2 in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9189">9189</a>. </td></tr> <tr> <th scope="row"><a href="/wiki/Kuznyechik" title="Kuznyechik">GOST R 34.12-2015</a> <a href="/wiki/AEAD_block_cipher_modes_of_operation" class="mw-redirect" title="AEAD block cipher modes of operation">AEAD</a><a href="#cite_note-gostlink-79">[79]</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">No</td> <td style="background:#9EFF9E;color:black;vertical-align:middle;text-align:center;" class="table-yes">Yes</td> <td>Defined for TLS 1.3 in <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9367">9367</a>. </td></tr></tbody></table> <div class="mw-heading mw-heading2"><h2 id="Applications_and_adoption">Applications and adoption</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=19" title="Edit section: Applications and adoption">edit</a>]</div> In applications design, TLS is usually implemented on top of Transport Layer protocols, encrypting all of the protocol-related data of protocols such as <a href="/wiki/Hypertext_Transfer_Protocol" class="mw-redirect" title="Hypertext Transfer Protocol">HTTP</a>, <a href="/wiki/File_Transfer_Protocol" title="File Transfer Protocol">FTP</a>, <a href="/wiki/Simple_Mail_Transfer_Protocol" title="Simple Mail Transfer Protocol">SMTP</a>, <a href="/wiki/Network_News_Transfer_Protocol" title="Network News Transfer Protocol">NNTP</a> and <a href="/wiki/XMPP" title="XMPP">XMPP</a>. Historically, TLS has been used primarily with reliable transport protocols such as the <a href="/wiki/Transmission_Control_Protocol" title="Transmission Control Protocol">Transmission Control Protocol</a> (TCP). However, it has also been implemented with datagram-oriented transport protocols, such as the <a href="/wiki/User_Datagram_Protocol" title="User Datagram Protocol">User Datagram Protocol</a> (UDP) and the <a href="/wiki/Datagram_Congestion_Control_Protocol" title="Datagram Congestion Control Protocol">Datagram Congestion Control Protocol</a> (DCCP), usage of which has been standardized independently using the term <a href="/wiki/Datagram_Transport_Layer_Security" title="Datagram Transport Layer Security">Datagram Transport Layer Security</a> (DTLS). <div class="mw-heading mw-heading3"><h3 id="Websites">Websites</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=20" title="Edit section: Websites">edit</a>]</div> A primary use of TLS is to secure <a href="/wiki/World_Wide_Web" title="World Wide Web">World Wide Web</a> traffic between a <a href="/wiki/Website" title="Website">website</a> and a <a href="/wiki/Web_browser" title="Web browser">web browser</a> encoded with the HTTP protocol. This use of TLS to secure HTTP traffic constitutes the <a href="/wiki/HTTPS" title="HTTPS">HTTPS</a> protocol.<a href="#cite_note-103">[91]</a> <table class="wikitable" style="text-align:center"> <caption>Website protocol support (May 2024) </caption> <tbody><tr> <th scope="col">Protocol version </th> <th scope="col">Website support<a href="#cite_note-trustworthy_ssl_pulse-104">[92]</a> </th> <th scope="col">Security<a href="#cite_note-trustworthy_ssl_pulse-104">[92]</a><a href="#cite_note-community.qualys-105">[93]</a> </th></tr> <tr> <th scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="SSL 2.0">Old version, no longer maintained: SSL 2.0 </th> <td>0.1% </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure </td></tr> <tr> <th scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="SSL 3.0">Old version, no longer maintained: SSL 3.0 </th> <td>1.4% </td> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">Insecure<a href="#cite_note-poodle_pdf-106">[94]</a> </td></tr> <tr> <th scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="TLS 1.0">Old version, no longer maintained: TLS 1.0 </th> <td>27.9% </td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Deprecated<a href="#cite_note-tls-deprecation-20">[20]</a><a href="#cite_note-:3-21">[21]</a><a href="#cite_note-:4-22">[22]</a> </td></tr> <tr> <th scope="row" style="color:black; background-color: #FDB3AB;" title="Old version, no longer maintained" data-sort-value="TLS 1.1">Old version, no longer maintained: TLS 1.1 </th> <td>30.0% </td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Deprecated<a href="#cite_note-tls-deprecation-20">[20]</a><a href="#cite_note-:3-21">[21]</a><a href="#cite_note-:4-22">[22]</a> </td></tr> <tr> <th scope="row" class="templateVersion co" style="color:black; background-color: #FEF8C6;" title="Old version, yet still maintained" data-sort-value="TLS 1.2">Old version, yet still maintained: TLS 1.2 </th> <td>99.9% </td> <td style="background: #FED; color:black; vertical-align: middle; text-align: center;" class="depends table-depends">Depends on cipher<a href="#cite_note-ciphers-107">[n 1]</a> and client mitigations<a href="#cite_note-mitigations-108">[n 2]</a> </td></tr> <tr> <th scope="row" class="templateVersion c" style="color:black; background-color: #D4F4B4;" title="Current stable version" data-sort-value="TLS 1.3">Current stable version: TLS 1.3 </th> <td>70.1% </td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">Secure </td></tr></tbody></table> <dl><dt>Notes</dt></dl> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239543626"><div class="reflist"> <div class="mw-references-wrap"><ol class="references"> <li id="cite_note-ciphers-107"><a href="#cite_ref-ciphers_107-0">^</a> see <a href="#Cipher">§ Cipher</a> table above </li> <li id="cite_note-mitigations-108"><a href="#cite_ref-mitigations_108-0">^</a> see <a href="#Web_browsers">§ Web browsers</a> and <a href="#Attacks_against_TLS/SSL">§ Attacks against TLS/SSL</a> sections </li> </ol></div></div> <div class="mw-heading mw-heading3"><h3 id="Web_browsers">Web browsers</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=21" title="Edit section: Web browsers">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Further information on TLS/SSL support in web browsers: <a href="/wiki/Version_history_for_TLS/SSL_support_in_web_browsers" title="Version history for TLS/SSL support in web browsers">Version history for TLS/SSL support in web browsers</a> and <a href="/wiki/Comparison_of_web_browsers" title="Comparison of web browsers">Comparison of web browsers</a></div> As of April 2016<a class="external text" href="https://en.wikipedia.org/w/index.php?title=Transport_Layer_Security&action=edit">[update]</a>, the latest versions of all major web browsers support TLS 1.0, 1.1, and 1.2, and have them enabled by default. However, not all supported <a href="/wiki/List_of_Microsoft_operating_systems" title="List of Microsoft operating systems">Microsoft operating systems</a> support the latest version of IE. Additionally, many Microsoft operating systems currently support multiple versions of IE, but this has changed according to Microsoft's <a rel="nofollow" class="external text" href="https://learn.microsoft.com/en-US/lifecycle/faq/internet-explorer-microsoft-edge">Internet Explorer Support Lifecycle Policy FAQ</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20230620172533/https://learn.microsoft.com/en-us/lifecycle/faq/internet-explorer-microsoft-edge">Archived</a> 2023-06-20 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a>, "beginning January 12, 2016, only the most current version of Internet Explorer available for a supported operating system will receive technical support and security updates." The page then goes on to list the latest supported version of IE at that date for each operating system. The next critical date would be when an operating system reaches the end of life stage. Since June 15, 2022, <a href="/wiki/Internet_Explorer_11" title="Internet Explorer 11">Internet Explorer 11</a> dropped support for <a href="/wiki/Windows_10_editions" title="Windows 10 editions">Windows 10 editions</a> which follow Microsoft's Modern Lifecycle Policy.<a href="#cite_note-109">[95]</a><a href="#cite_note-110">[96]</a> Mitigations against known attacks are not enough yet: <ul><li>Mitigations against <a href="#POODLE_attack">POODLE attack</a>: some browsers already prevent fallback to SSL 3.0; however, this mitigation needs to be supported by not only clients but also servers. Disabling SSL 3.0 itself, implementation of "anti-POODLE record splitting", or denying CBC ciphers in SSL 3.0 is required. <ul><li>Google Chrome: complete (TLS_FALLBACK_SCSV is implemented since version 33, fallback to SSL 3.0 is disabled since version 39, SSL 3.0 itself is disabled by default since version 40. Support of SSL 3.0 itself was dropped since version 44.)</li> <li>Mozilla Firefox: complete (support of SSL 3.0 itself is dropped since <a href="/wiki/History_of_Firefox#Version_38–44" class="mw-redirect" title="History of Firefox">version 39</a>. SSL 3.0 itself is disabled by default and fallback to SSL 3.0 are disabled since <a href="/wiki/History_of_Firefox#Version_31–37" class="mw-redirect" title="History of Firefox">version 34</a>, TLS_FALLBACK_SCSV is implemented since version 35. In ESR, SSL 3.0 itself is disabled by default and TLS_FALLBACK_SCSV is implemented since ESR 31.3.0.)</li> <li>Internet Explorer: partial (only in version 11, SSL 3.0 is disabled by default since April 2015. Version 10 and older are still vulnerable against POODLE.)</li> <li><a href="/wiki/Opera_(web_browser)" title="Opera (web browser)">Opera</a>: complete (TLS_FALLBACK_SCSV is implemented since version 20, "anti-POODLE record splitting", which is effective only with client-side implementation, is implemented since version 25, SSL 3.0 itself is disabled by default since version 27. Support of SSL 3.0 itself will be dropped since version 31.)</li> <li>Safari: complete (only on OS X 10.8 and later and iOS 8, CBC ciphers during fallback to SSL 3.0 is denied, but this means it will use RC4, which is not recommended as well. Support of SSL 3.0 itself is dropped on OS X 10.11 and later and iOS 9.)</li></ul></li> <li>Mitigation against <a href="#RC4_attacks">RC4 attacks</a>: <ul><li>Google Chrome disabled RC4 except as a fallback since version 43. RC4 is disabled since Chrome 48.</li> <li>Firefox disabled RC4 except as a fallback since version 36. Firefox 44 disabled RC4 by default.</li> <li>Opera disabled RC4 except as a fallback since version 30. RC4 is disabled since Opera 35.</li> <li>Internet Explorer for <a href="/wiki/Windows_7" title="Windows 7">Windows 7</a>/Server 2008 R2 and for <a href="/wiki/Windows_8" title="Windows 8">Windows 8</a>/Server 2012 have set the priority of RC4 to lowest and can also disable RC4 except as a fallback through registry settings. Internet Explorer 11 Mobile 11 for <a href="/wiki/Windows_Phone_8.1" title="Windows Phone 8.1">Windows Phone 8.1</a> disable RC4 except as a fallback if no other enabled algorithm works. Edge and IE 11 disable RC4 completely in August 2016.</li></ul></li> <li>Mitigation against <a href="#FREAK">FREAK attack</a>: <ul><li>The Android Browser included with <a href="/wiki/Android_Ice_Cream_Sandwich" title="Android Ice Cream Sandwich">Android 4.0</a> and older is still vulnerable to the FREAK attack.</li> <li>Internet Explorer 11 Mobile is still vulnerable to the FREAK attack.</li> <li>Google Chrome, Internet Explorer (desktop), Safari (desktop & mobile), and Opera (mobile) have FREAK mitigations in place.</li> <li>Mozilla Firefox on all platforms and Google Chrome on Windows were not affected by FREAK.</li></ul></li></ul> <div class="mw-heading mw-heading3"><h3 id="Libraries">Libraries</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=22" title="Edit section: Libraries">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Comparison_of_TLS_implementations" title="Comparison of TLS implementations">Comparison of TLS implementations</a></div><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Further information on protocol version support in libraries: <a href="/wiki/Comparison_of_TLS_implementations#TLS_version_support" title="Comparison of TLS implementations">Comparison of TLS implementations § TLS version support</a></div> Most SSL and TLS programming libraries are <a href="/wiki/Free_and_open-source_software" title="Free and open-source software">free and open-source software</a>. <ul><li><a href="/wiki/BoringSSL" class="mw-redirect" title="BoringSSL">BoringSSL</a>, a fork of OpenSSL for Chrome/Chromium and Android as well as other Google applications.</li> <li><a href="/wiki/Botan_(programming_library)" title="Botan (programming library)">Botan</a>, a BSD-licensed cryptographic library written in C++.</li> <li><a href="/wiki/BSAFE" title="BSAFE">BSAFE</a> Micro Edition Suite: a multi-platform implementation of TLS written in <a href="/wiki/C_(programming_language)" title="C (programming language)">C</a> using a FIPS-validated cryptographic module</li> <li><a href="/wiki/BSAFE" title="BSAFE">BSAFE</a> SSL-J: a TLS library providing both a proprietary API and <a href="/wiki/Java_Secure_Socket_Extension" title="Java Secure Socket Extension">JSSE</a> API, using FIPS-validated cryptographic module</li> <li><a href="/wiki/Cryptlib" title="Cryptlib">cryptlib</a>: a portable open source cryptography library (includes TLS/SSL implementation)</li> <li><a href="/wiki/Delphi_(programming_language)" class="mw-redirect" title="Delphi (programming language)">Delphi</a> programmers may use a library called <a href="/wiki/Internet_Direct" title="Internet Direct">Indy</a> which utilizes <a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a> or alternatively ICS which supports TLS 1.3 now.</li> <li><a href="/wiki/GnuTLS" title="GnuTLS">GnuTLS</a>: a free implementation (LGPL licensed)</li> <li><a href="/wiki/Java_Secure_Socket_Extension" title="Java Secure Socket Extension">Java Secure Socket Extension</a> (JSSE): the <a href="/wiki/Java_(programming_language)" title="Java (programming language)">Java</a> API and provider implementation (named SunJSSE)<a href="#cite_note-111">[97]</a></li> <li><a href="/wiki/LibreSSL" title="LibreSSL">LibreSSL</a>: a fork of OpenSSL by OpenBSD project.</li> <li><a href="/wiki/MatrixSSL" title="MatrixSSL">MatrixSSL</a>: a dual licensed implementation</li> <li><a href="/wiki/Mbed_TLS" title="Mbed TLS">Mbed TLS</a> (previously PolarSSL): A tiny SSL library implementation for embedded devices that is designed for ease of use</li> <li><a href="/wiki/Network_Security_Services" title="Network Security Services">Network Security Services</a>: <a href="/wiki/FIPS_140" title="FIPS 140">FIPS 140</a> validated open source library</li> <li><a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a>: a free implementation (BSD license with some extensions)</li> <li><a href="/wiki/Security_Support_Provider_Interface" title="Security Support Provider Interface">Schannel</a>: an implementation of SSL and TLS <a href="/wiki/Microsoft_Windows" title="Microsoft Windows">Microsoft Windows</a> as part of its package.</li> <li><a href="/wiki/Secure_Transport" class="mw-redirect" title="Secure Transport">Secure Transport</a>: an implementation of SSL and TLS used in <a href="/wiki/OS_X" class="mw-redirect" title="OS X">OS X</a> and <a href="/wiki/IOS" title="IOS">iOS</a> as part of their packages.</li> <li><a href="/wiki/WolfSSL" title="WolfSSL">wolfSSL</a> (previously CyaSSL): Embedded SSL/TLS Library with a strong focus on speed and size.</li></ul> A paper presented at the 2012 <a href="/wiki/Association_for_Computing_Machinery" title="Association for Computing Machinery">ACM</a> <a href="/wiki/Computer_security_conference" title="Computer security conference">conference on computer and communications security</a><a href="#cite_note-112">[98]</a> showed that many applications used some of these SSL libraries incorrectly, leading to vulnerabilities. According to the authors: <blockquote>"The root cause of most of these vulnerabilities is the terrible design of the APIs to the underlying SSL libraries. Instead of expressing high-level security properties of network tunnels such as confidentiality and authentication, these APIs expose low-level details of the SSL protocol to application developers. As a consequence, developers often use SSL APIs incorrectly, misinterpreting and misunderstanding their manifold parameters, options, side effects, and return values."</blockquote> <div class="mw-heading mw-heading3"><h3 id="Other_uses">Other uses</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=23" title="Edit section: Other uses">edit</a>]</div> The <a href="/wiki/Simple_Mail_Transfer_Protocol" title="Simple Mail Transfer Protocol">Simple Mail Transfer Protocol</a> (SMTP) can also be protected by TLS. These applications use <a href="/wiki/Public_key_certificate" title="Public key certificate">public key certificates</a> to verify the identity of endpoints. TLS can also be used for tunnelling an entire network stack to create a <a href="/wiki/Virtual_private_network" title="Virtual private network">VPN</a>, which is the case with <a href="/wiki/OpenVPN" title="OpenVPN">OpenVPN</a> and <a href="/wiki/OpenConnect" title="OpenConnect">OpenConnect</a>. Many vendors have by now married TLS's encryption and authentication capabilities with authorization. There has also been substantial development since the late 1990s in creating client technology outside of Web-browsers, in order to enable support for client/server applications. Compared to traditional <a href="/wiki/IPsec" title="IPsec">IPsec</a> VPN technologies, TLS has some inherent advantages in firewall and <a href="/wiki/Network_address_translation" title="Network address translation">NAT</a> traversal that make it easier to administer for large remote-access populations. TLS is also a standard method for protecting <a href="/wiki/Session_Initiation_Protocol" title="Session Initiation Protocol">Session Initiation Protocol</a> (SIP) application signaling. TLS can be used for providing authentication and encryption of the SIP signalling associated with <a href="/wiki/Voice_over_IP" title="Voice over IP">VoIP</a> and other SIP-based applications.<a href="#cite_note-113">[99]</a> <div class="mw-heading mw-heading2"><h2 id="Security">Security</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=24" title="Edit section: Security">edit</a>]</div> <div class="mw-heading mw-heading3"><h3 id="Attacks_against_TLS/SSL">Attacks against TLS/SSL</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=25" title="Edit section: Attacks against TLS/SSL">edit</a>]</div> Significant attacks against TLS/SSL are listed below. In February 2015, IETF issued an informational RFC<a href="#cite_note-114">[100]</a> summarizing the various known attacks against TLS/SSL. <div class="mw-heading mw-heading4"><h4 id="Renegotiation_attack">Renegotiation attack</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=26" title="Edit section: Renegotiation attack">edit</a>]</div> A vulnerability of the renegotiation procedure was discovered in August 2009 that can lead to plaintext injection attacks against SSL 3.0 and all current versions of TLS.<a href="#cite_note-115">[101]</a> For example, it allows an attacker who can hijack an https connection to splice their own requests into the beginning of the conversation the client has with the web server. The attacker cannot actually decrypt the client–server communication, so it is different from a typical man-in-the-middle attack. A short-term fix is for web servers to stop allowing renegotiation, which typically will not require other changes unless <a href="/wiki/Client_certificate" title="Client certificate">client certificate</a> authentication is used. To fix the vulnerability, a renegotiation indication extension was proposed for TLS. It will require the client and server to include and verify information about previous handshakes in any renegotiation handshakes.<a href="#cite_note-116">[102]</a> This extension has become a proposed standard and has been assigned the number <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5746">5746</a>. The RFC has been implemented by several libraries.<a href="#cite_note-117">[103]</a><a href="#cite_note-118">[104]</a><a href="#cite_note-119">[105]</a> <div class="mw-heading mw-heading4"><h4 id="Downgrade_attacks:_FREAK_attack_and_Logjam_attack">Downgrade attacks: FREAK attack and Logjam attack</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=27" title="Edit section: Downgrade attacks: FREAK attack and Logjam attack">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main articles: <a href="/wiki/Downgrade_attack" title="Downgrade attack">Downgrade attack</a>, <a href="/wiki/FREAK" title="FREAK">FREAK</a>, and <a href="/wiki/Logjam_(computer_security)" title="Logjam (computer security)">Logjam (computer security)</a></div> A protocol <a href="/wiki/Downgrade_attack" title="Downgrade attack">downgrade attack</a> (also called a version rollback attack) tricks a web server into negotiating connections with previous versions of TLS (such as SSLv2) that have long since been abandoned as insecure. Previous modifications to the original protocols, like False Start<a href="#cite_note-120">[106]</a> (adopted and enabled by Google Chrome<a href="#cite_note-121">[107]</a>) or Snap Start, reportedly introduced limited TLS protocol downgrade attacks<a href="#cite_note-122">[108]</a> or allowed modifications to the cipher suite list sent by the client to the server. In doing so, an attacker might succeed in influencing the cipher suite selection in an attempt to downgrade the cipher suite negotiated to use either a weaker symmetric encryption algorithm or a weaker key exchange.<a href="#cite_note-123">[109]</a> A paper presented at an <a href="/wiki/Association_for_Computing_Machinery" title="Association for Computing Machinery">ACM</a> <a href="/wiki/Computer_security_conference" title="Computer security conference">conference on computer and communications security</a> in 2012 demonstrated that the False Start extension was at risk: in certain circumstances it could allow an attacker to recover the encryption keys offline and to access the encrypted data.<a href="#cite_note-124">[110]</a> Encryption downgrade attacks can force servers and clients to negotiate a connection using cryptographically weak keys. In 2014, a <a href="/wiki/Man-in-the-middle" class="mw-redirect" title="Man-in-the-middle">man-in-the-middle</a> attack called FREAK was discovered affecting the <a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a> stack, the default <a href="/wiki/Android_(operating_system)" title="Android (operating system)">Android</a> web browser, and some <a href="/wiki/Safari_(web_browser)" title="Safari (web browser)">Safari</a> browsers.<a href="#cite_note-125">[111]</a> The attack involved tricking servers into negotiating a TLS connection using cryptographically weak 512 bit encryption keys. Logjam is a <a href="/wiki/Security_exploit" class="mw-redirect" title="Security exploit">security exploit</a> discovered in May 2015 that exploits the option of using legacy <a href="/wiki/Arms_Export_Control_Act" title="Arms Export Control Act">"export-grade"</a> 512-bit <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">Diffie–Hellman</a> groups dating back to the 1990s.<a href="#cite_note-126">[112]</a> It forces susceptible servers to downgrade to cryptographically weak 512-bit Diffie–Hellman groups. An attacker can then deduce the keys the client and server determine using the <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">Diffie–Hellman key exchange</a>. <div class="mw-heading mw-heading4"><h4 id="Cross-protocol_attacks:_DROWN">Cross-protocol attacks: DROWN</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=28" title="Edit section: Cross-protocol attacks: DROWN">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/DROWN_attack" title="DROWN attack">DROWN attack</a></div> The <a href="/wiki/DROWN_attack" title="DROWN attack">DROWN attack</a> is an exploit that attacks servers supporting contemporary SSL/TLS protocol suites by exploiting their support for the obsolete, insecure, SSLv2 protocol to leverage an attack on connections using up-to-date protocols that would otherwise be secure.<a href="#cite_note-127">[113]</a><a href="#cite_note-ars201603-128">[114]</a> DROWN exploits a vulnerability in the protocols used and the configuration of the server, rather than any specific implementation error. Full details of DROWN were announced in March 2016, together with a patch for the exploit. At that time, more than 81,000 of the top 1 million most popular websites were among the TLS protected websites that were vulnerable to the DROWN attack.<a href="#cite_note-ars201603-128">[114]</a> <div class="mw-heading mw-heading4"><h4 id="BEAST_attack">BEAST attack</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=29" title="Edit section: BEAST attack">edit</a>]</div> On September 23, 2011, researchers Thai Duong and Juliano Rizzo demonstrated a proof of concept called BEAST (Browser Exploit Against SSL/TLS)<a href="#cite_note-DuongRizzo-129">[115]</a> using a <a href="/wiki/Java_applet" title="Java applet">Java applet</a> to violate <a href="/wiki/Same_origin_policy" class="mw-redirect" title="Same origin policy">same origin policy</a> constraints, for a long-known <a href="/wiki/Cipher_block_chaining" class="mw-redirect" title="Cipher block chaining">cipher block chaining</a> (CBC) vulnerability in TLS 1.0:<a href="#cite_note-DanGoodin-130">[116]</a><a href="#cite_note-combinator-131">[117]</a> an attacker observing 2 consecutive ciphertext blocks C0, C1 can test if the plaintext block P1 is equal to x by choosing the next plaintext block P2 = x ⊕ C0 ⊕ C1; as per CBC operation, C2 = E(C1 ⊕ P2) = E(C1 ⊕ x ⊕ C0 ⊕ C1) = E(C0 ⊕ x), which will be equal to C1 if x = P1. Practical <a href="/wiki/Exploit_(computer_security)" title="Exploit (computer security)">exploits</a> had not been previously demonstrated for this <a href="/wiki/Vulnerability_(computing)" class="mw-redirect" title="Vulnerability (computing)">vulnerability</a>, which was originally discovered by <a href="/wiki/Phillip_Rogaway" title="Phillip Rogaway">Phillip Rogaway</a><a href="#cite_note-132">[118]</a> in 2002. The vulnerability of the attack had been fixed with TLS 1.1 in 2006, but TLS 1.1 had not seen wide adoption prior to this attack demonstration. <a href="/wiki/RC4" title="RC4">RC4</a> as a stream cipher is immune to BEAST attack. Therefore, RC4 was widely used as a way to mitigate BEAST attack on the server side. However, in 2013, researchers found more weaknesses in RC4. Thereafter enabling RC4 on server side was no longer recommended.<a href="#cite_note-133">[119]</a> Chrome and Firefox themselves are not vulnerable to BEAST attack,<a href="#cite_note-ChromeBEAST-134">[120]</a><a href="#cite_note-FirefoxBEAST-135">[121]</a> however, Mozilla updated their <a href="/wiki/Network_Security_Services" title="Network Security Services">NSS</a> libraries to mitigate BEAST-like <a href="/wiki/Attack_(computing)" class="mw-redirect" title="Attack (computing)">attacks</a>. NSS is used by <a href="/wiki/Mozilla_Firefox" class="mw-redirect" title="Mozilla Firefox">Mozilla Firefox</a> and <a href="/wiki/Google_Chrome" title="Google Chrome">Google Chrome</a> to implement SSL. Some <a href="/wiki/Web_server" title="Web server">web servers</a> that have a broken implementation of the SSL specification may stop working as a result.<a href="#cite_note-136">[122]</a> <a href="/wiki/Microsoft" title="Microsoft">Microsoft</a> released Security Bulletin MS12-006 on January 10, 2012, which fixed the BEAST vulnerability by changing the way that the Windows Secure Channel (<a href="/wiki/Schannel" class="mw-redirect" title="Schannel">Schannel</a>) component transmits encrypted network packets from the server end.<a href="#cite_note-MS12-006-137">[123]</a> Users of Internet Explorer (prior to version 11) that run on older versions of Windows (<a href="/wiki/Windows_7" title="Windows 7">Windows 7</a>, <a href="/wiki/Windows_8" title="Windows 8">Windows 8</a> and <a href="/wiki/Windows_Server_2008" title="Windows Server 2008">Windows Server 2008 R2</a>) can restrict use of TLS to 1.1 or higher. <a href="/wiki/Apple_Inc." title="Apple Inc.">Apple</a> fixed BEAST vulnerability by implementing 1/n-1 split and turning it on by default in <a href="/wiki/OS_X_Mavericks" title="OS X Mavericks">OS X Mavericks</a>, released on October 22, 2013.<a href="#cite_note-138">[124]</a> <div class="mw-heading mw-heading4"><h4 id="CRIME_and_BREACH_attacks"> CRIME and BREACH attacks</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=30" title="Edit section: CRIME and BREACH attacks">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main articles: <a href="/wiki/CRIME" title="CRIME">CRIME</a> and <a href="/wiki/BREACH" title="BREACH">BREACH</a></div> The authors of the BEAST attack are also the creators of the later <a href="/wiki/CRIME" title="CRIME">CRIME</a> attack, which can allow an attacker to recover the content of web cookies when <a href="/wiki/Data_compression" title="Data compression">data compression</a> is used along with TLS.<a href="#cite_note-139">[125]</a><a href="#cite_note-140">[126]</a> When used to recover the content of secret <a href="/wiki/Authentication_cookie" class="mw-redirect" title="Authentication cookie">authentication cookies</a>, it allows an attacker to perform <a href="/wiki/Session_hijacking" title="Session hijacking">session hijacking</a> on an authenticated web session. While the CRIME attack was presented as a general attack that could work effectively against a large number of protocols, including but not limited to TLS, and application-layer protocols such as <a href="/wiki/SPDY" title="SPDY">SPDY</a> or <a href="/wiki/HTTP" title="HTTP">HTTP</a>, only exploits against TLS and SPDY were demonstrated and largely mitigated in browsers and servers. The CRIME exploit against <a href="/wiki/HTTP_compression" title="HTTP compression">HTTP compression</a> has not been mitigated at all, even though the authors of CRIME have warned that this vulnerability might be even more widespread than SPDY and TLS compression combined. In 2013 a new instance of the CRIME attack against HTTP compression, dubbed <a href="/wiki/BREACH" title="BREACH">BREACH</a>, was announced. Based on the CRIME attack a BREACH attack can extract login tokens, email addresses or other sensitive information from TLS encrypted web traffic in as little as 30 seconds (depending on the number of bytes to be extracted), provided the attacker tricks the victim into visiting a malicious web link or is able to inject content into valid pages the user is visiting (ex: a wireless network under the control of the attacker).<a href="#cite_note-Gooin20130801-141">[127]</a> All versions of TLS and SSL are at risk from BREACH regardless of the encryption algorithm or cipher used.<a href="#cite_note-142">[128]</a> Unlike previous instances of CRIME, which can be successfully defended against by turning off TLS compression or SPDY header compression, BREACH exploits HTTP compression which cannot realistically be turned off, as virtually all web servers rely upon it to improve data transmission speeds for users.<a href="#cite_note-Gooin20130801-141">[127]</a> This is a known limitation of TLS as it is susceptible to <a href="/wiki/Chosen-plaintext_attack" title="Chosen-plaintext attack">chosen-plaintext attack</a> against the application-layer data it was meant to protect. <div class="mw-heading mw-heading4"><h4 id="Timing_attacks_on_padding">Timing attacks on padding</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=31" title="Edit section: Timing attacks on padding">edit</a>]</div> Earlier TLS versions were vulnerable against the <a href="/wiki/Padding_oracle_attack" title="Padding oracle attack">padding oracle attack</a> discovered in 2002. A novel variant, called the <a href="/wiki/Lucky_Thirteen_attack" title="Lucky Thirteen attack">Lucky Thirteen attack</a>, was published in 2013. Some experts<a href="#cite_note-best-practices-95">[88]</a> also recommended avoiding <a href="/wiki/Triple_DES" title="Triple DES">triple DES</a> CBC. Since the last supported ciphers developed to support any program using <a href="/wiki/Windows_XP" title="Windows XP">Windows XP</a>'s SSL/TLS library like Internet Explorer on Windows XP are <a href="/wiki/RC4" title="RC4">RC4</a> and Triple-DES, and since RC4 is now deprecated (see discussion of <a href="/wiki/Talk:RC4" title="Talk:RC4">RC4 attacks</a>), this makes it difficult to support any version of SSL for any program using this library on XP. A fix was released as the Encrypt-then-MAC extension to the TLS specification, released as <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7366">7366</a>.<a href="#cite_note-143">[129]</a> The Lucky Thirteen attack can be mitigated in TLS 1.2 by using only AES_GCM ciphers; AES_CBC remains vulnerable. SSL may safeguard email, VoIP, and other types of communications over insecure networks in addition to its primary use case of secure data transmission between a client and the server <a href="#cite_note-:0-2">[2]</a> <div class="mw-heading mw-heading4"><h4 id="POODLE_attack">POODLE attack</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=32" title="Edit section: POODLE attack">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/POODLE" title="POODLE">POODLE</a></div> On October 14, 2014, Google researchers published a vulnerability in the design of SSL 3.0, which makes <a href="/wiki/CBC_mode_of_operation" class="mw-redirect" title="CBC mode of operation">CBC mode of operation</a> with SSL 3.0 vulnerable to a <a href="/wiki/Padding_oracle_attack" title="Padding oracle attack">padding attack</a> (<a href="/wiki/CVE_(identifier)" class="mw-redirect" title="CVE (identifier)">CVE</a>-<link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a rel="nofollow" class="external text" href="https://nvd.nist.gov/vuln/detail/CVE-2014-3566">2014-3566</a>). They named this attack POODLE (Padding Oracle On Downgraded Legacy Encryption). On average, attackers only need to make 256 SSL 3.0 requests to reveal one byte of encrypted messages.<a href="#cite_note-poodle_pdf-106">[94]</a> Although this vulnerability only exists in SSL 3.0 and most clients and servers support TLS 1.0 and above, all major browsers voluntarily downgrade to SSL 3.0 if the handshakes with newer versions of TLS fail unless they provide the option for a user or administrator to disable SSL 3.0 and the user or administrator does so[<a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed">citation needed</a>]. Therefore, the man-in-the-middle can first conduct a <a href="/wiki/Version_rollback_attack" class="mw-redirect" title="Version rollback attack">version rollback attack</a> and then exploit this vulnerability.<a href="#cite_note-poodle_pdf-106">[94]</a> On December 8, 2014, a variant of POODLE was announced that impacts TLS implementations that do not properly enforce padding byte requirements.<a href="#cite_note-poodleagain-144">[130]</a> <div class="mw-heading mw-heading4"><h4 id="RC4_attacks">RC4 attacks</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=33" title="Edit section: RC4 attacks">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/RC4#Security" title="RC4">RC4 § Security</a></div> Despite the existence of attacks on <a href="/wiki/RC4" title="RC4">RC4</a> that broke its security, cipher suites in SSL and TLS that were based on RC4 were still considered secure prior to 2013 based on the way in which they were used in SSL and TLS. In 2011, the RC4 suite was actually recommended as a work around for the <a href="/wiki/BEAST_(computer_security)" class="mw-redirect" title="BEAST (computer security)">BEAST</a> attack.<a href="#cite_note-145">[131]</a> New forms of attack disclosed in March 2013 conclusively demonstrated the feasibility of breaking RC4 in TLS, suggesting it was not a good workaround for BEAST.<a href="#cite_note-community.qualys-105">[93]</a> An attack scenario was proposed by AlFardan, Bernstein, Paterson, Poettering and Schuldt that used newly discovered statistical biases in the RC4 key table<a href="#cite_note-146">[132]</a> to recover parts of the plaintext with a large number of TLS encryptions.<a href="#cite_note-147">[133]</a><a href="#cite_note-148">[134]</a> An attack on RC4 in TLS and SSL that requires 13 × 220 encryptions to break RC4 was unveiled on 8 July 2013 and later described as "feasible" in the accompanying presentation at a <a href="/wiki/USENIX" title="USENIX">USENIX</a> Security Symposium in August 2013.<a href="#cite_note-149">[135]</a><a href="#cite_note-150">[136]</a> In July 2015, subsequent improvements in the attack make it increasingly practical to defeat the security of RC4-encrypted TLS.<a href="#cite_note-151">[137]</a> As many modern browsers have been designed to defeat BEAST attacks (except Safari for Mac OS X 10.7 or earlier, for iOS 6 or earlier, and for Windows; see <a href="#Web_browsers">§ Web browsers</a>), RC4 is no longer a good choice for TLS 1.0. The CBC ciphers which were affected by the BEAST attack in the past have become a more popular choice for protection.<a href="#cite_note-best-practices-95">[88]</a> Mozilla and Microsoft recommend disabling RC4 where possible.<a href="#cite_note-152">[138]</a><a href="#cite_note-153">[139]</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7465">7465</a> prohibits the use of RC4 cipher suites in all versions of TLS. On September 1, 2015, Microsoft, Google and Mozilla announced that RC4 cipher suites would be disabled by default in their browsers (<a href="/wiki/Microsoft_Edge" title="Microsoft Edge">Microsoft Edge</a>, <a href="/wiki/Internet_Explorer_11" title="Internet Explorer 11">Internet Explorer 11</a> on Windows 7/8.1/10, <a href="/wiki/Firefox" title="Firefox">Firefox</a>, and <a href="/wiki/Google_Chrome" title="Google Chrome">Chrome</a>) in early 2016.<a href="#cite_note-154">[140]</a><a href="#cite_note-155">[141]</a><a href="#cite_note-156">[142]</a> <div class="mw-heading mw-heading4"><h4 id="Truncation_attack">Truncation attack</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=34" title="Edit section: Truncation attack">edit</a>]</div> A TLS (logout) truncation attack blocks a victim's account logout requests so that the user unknowingly remains logged into a web service. When the request to sign out is sent, the attacker injects an unencrypted <a href="/wiki/Transmission_Control_Protocol" title="Transmission Control Protocol">TCP</a> FIN message (no more data from sender) to close the connection. The server therefore does not receive the logout request and is unaware of the abnormal termination.<a href="#cite_note-register20130801-157">[143]</a> Published in July 2013,<a href="#cite_note-158">[144]</a><a href="#cite_note-159">[145]</a> the attack causes web services such as <a href="/wiki/Gmail" title="Gmail">Gmail</a> and <a href="/wiki/Outlook.com" title="Outlook.com">Hotmail</a> to display a page that informs the user that they have successfully signed-out, while ensuring that the user's browser maintains authorization with the service, allowing an attacker with subsequent access to the browser to access and take over control of the user's logged-in account. The attack does not rely on installing malware on the victim's computer; attackers need only place themselves between the victim and the web server (e.g., by setting up a rogue wireless hotspot).<a href="#cite_note-register20130801-157">[143]</a> This vulnerability also requires access to the victim's computer. Another possibility is when using FTP the data connection can have a false FIN in the data stream, and if the protocol rules for exchanging close_notify alerts is not adhered to a file can be truncated. <div class="mw-heading mw-heading4"><h4 id="Plaintext_attack_against_DTLS">Plaintext attack against DTLS</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=35" title="Edit section: Plaintext attack against DTLS">edit</a>]</div> In February 2013 two researchers from Royal Holloway, University of London discovered a timing attack<a href="#cite_note-praad-tls-160">[146]</a> which allowed them to recover (parts of the) plaintext from a DTLS connection using the OpenSSL or GnuTLS implementation of DTLS when <a href="/wiki/Cipher_Block_Chaining" class="mw-redirect" title="Cipher Block Chaining">Cipher Block Chaining</a> mode encryption was used. <div class="mw-heading mw-heading4"><h4 id="Unholy_PAC_attack">Unholy PAC attack</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=36" title="Edit section: Unholy PAC attack">edit</a>]</div> This attack, discovered in mid-2016, exploits weaknesses in the <a href="/wiki/Web_Proxy_Autodiscovery_Protocol" class="mw-redirect" title="Web Proxy Autodiscovery Protocol">Web Proxy Autodiscovery Protocol</a> (WPAD) to expose the URL that a web user is attempting to reach via a TLS-enabled web link.<a href="#cite_note-161">[147]</a> Disclosure of a URL can violate a user's privacy, not only because of the website accessed, but also because URLs are sometimes used to authenticate users. Document sharing services, such as those offered by Google and Dropbox, also work by sending a user a security token that is included in the URL. An attacker who obtains such URLs may be able to gain full access to a victim's account or data. The exploit works against almost all browsers and operating systems. <div class="mw-heading mw-heading4"><h4 id="Sweet32_attack">Sweet32 attack</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=37" title="Edit section: Sweet32 attack">edit</a>]</div> The Sweet32 attack breaks all 64-bit block ciphers used in CBC mode as used in TLS by exploiting a <a href="/wiki/Birthday_attack" title="Birthday attack">birthday attack</a> and either a <a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">man-in-the-middle attack</a> or injection of a malicious <a href="/wiki/JavaScript" title="JavaScript">JavaScript</a> into a web page. The purpose of the man-in-the-middle attack or the JavaScript injection is to allow the attacker to capture enough traffic to mount a birthday attack.<a href="#cite_note-162">[148]</a> <div class="mw-heading mw-heading4"><h4 id="Implementation_errors:_Heartbleed_bug,_BERserk_attack,_Cloudflare_bug">Implementation errors: Heartbleed bug, BERserk attack, Cloudflare bug</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=38" title="Edit section: Implementation errors: Heartbleed bug, BERserk attack, Cloudflare bug">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main articles: <a href="/wiki/Heartbleed" title="Heartbleed">Heartbleed</a> and <a href="/wiki/Cloudbleed" title="Cloudbleed">Cloudbleed</a></div> The <a href="/wiki/Heartbleed" title="Heartbleed">Heartbleed</a> bug is a serious vulnerability specific to the implementation of SSL/TLS in the popular <a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a> cryptographic software library, affecting versions 1.0.1 to 1.0.1f. This weakness, reported in April 2014, allows attackers to steal <a href="/wiki/Public-key_cryptography" title="Public-key cryptography">private keys</a> from servers that should normally be protected.<a href="#cite_note-163">[149]</a> The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret private keys associated with the <a href="/wiki/X.509" title="X.509">public certificates</a> used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.<a href="#cite_note-164">[150]</a> The vulnerability is caused by a <a href="/wiki/Buffer_over-read" title="Buffer over-read">buffer over-read</a> bug in the OpenSSL software, rather than a defect in the SSL or TLS protocol specification. In September 2014, a variant of <a href="/wiki/Daniel_Bleichenbacher" title="Daniel Bleichenbacher">Daniel Bleichenbacher</a>'s PKCS#1 v1.5 RSA Signature Forgery vulnerability<a href="#cite_note-165">[151]</a> was announced by Intel Security Advanced Threat Research. This attack, dubbed BERserk, is a result of incomplete ASN.1 length decoding of public key signatures in some SSL implementations, and allows a man-in-the-middle attack by forging a public key signature.<a href="#cite_note-166">[152]</a> In February 2015, after media reported the hidden pre-installation of <a href="/wiki/Superfish" title="Superfish">superfish</a> adware on some Lenovo notebooks,<a href="#cite_note-167">[153]</a> a researcher found a trusted root certificate on affected Lenovo machines to be insecure, as the keys could easily be accessed using the company name, Komodia, as a passphrase.<a href="#cite_note-168">[154]</a> The Komodia library was designed to intercept client-side TLS/SSL traffic for parental control and surveillance, but it was also used in numerous adware programs, including Superfish, that were often surreptitiously installed unbeknownst to the computer user. In turn, these <a href="/wiki/Potentially_unwanted_program" title="Potentially unwanted program">potentially unwanted programs</a> installed the corrupt root certificate, allowing attackers to completely control web traffic and confirm false websites as authentic. In May 2016, it was reported that dozens of Danish HTTPS-protected websites belonging to <a href="/wiki/Visa_Inc." title="Visa Inc.">Visa Inc.</a> were vulnerable to attacks allowing hackers to inject malicious code and forged content into the browsers of visitors.<a href="#cite_note-forbidden-169">[155]</a> The attacks worked because the TLS implementation used on the affected servers incorrectly reused random numbers (<a href="/wiki/Cryptographic_nonce" title="Cryptographic nonce">nonces</a>) that are intended to be used only once, ensuring that each <a href="#TLS_handshake">TLS handshake</a> is unique.<a href="#cite_note-forbidden-169">[155]</a> In February 2017, an implementation error caused by a single mistyped character in code used to parse HTML created a buffer overflow error on <a href="/wiki/Cloudflare" title="Cloudflare">Cloudflare</a> servers. Similar in its effects to the Heartbleed bug discovered in 2014, this overflow error, widely known as <a href="/wiki/Cloudbleed" title="Cloudbleed">Cloudbleed</a>, allowed unauthorized third parties to read data in the memory of programs running on the servers—data that should otherwise have been protected by TLS.<a href="#cite_note-170">[156]</a> <div class="mw-heading mw-heading4"><h4 id="Survey_of_websites_vulnerable_to_attacks">Survey of websites vulnerable to attacks</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=39" title="Edit section: Survey of websites vulnerable to attacks">edit</a>]</div> As of July 2021<a class="external text" href="https://en.wikipedia.org/w/index.php?title=Transport_Layer_Security&action=edit">[update]</a>, the Trustworthy Internet Movement estimated the ratio of websites that are vulnerable to TLS attacks.<a href="#cite_note-trustworthy_ssl_pulse-104">[92]</a> <table class="wikitable" style="text-align:center"> <caption>Survey of the TLS vulnerabilities of the most popular websites </caption> <tbody><tr> <th scope="col" rowspan="2">Attacks </th> <th scope="col" colspan="4">Security </th></tr> <tr> <th scope="col">Insecure </th> <th scope="col">Depends </th> <th scope="col">Secure </th> <th scope="col">Other </th></tr> <tr> <th scope="row"><a href="#Renegotiation_attack">Renegotiation attack</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">< 0.1% support insecure renegotiation </td> <td style="background:#FFB; color:black;vertical-align:middle;text-align:center;" class="table-partial">< 0.1% support both </td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">99.7% support secure renegotiation </td> <td style="background: #EEE; color:black; vertical-align: middle; text-align: center;" class="table-cast">0.3% no support </td></tr> <tr> <th scope="row"><a href="#RC4_attacks">RC4 attacks</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">0.2% support RC4 suites used with modern browsers </td> <td style="background:#FFB; color:black;vertical-align:middle;text-align:center;" class="table-partial">3.0% support some RC4 suites </td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">96.9% no support </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th scope="row"><a href="#CRIME_attack">TLS Compression (CRIME attack)</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">0% vulnerable </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th scope="row"><a href="#Heartbleed">Heartbleed</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">0% vulnerable </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th scope="row"><a href="/wiki/CVE-2014-0224" class="mw-redirect" title="CVE-2014-0224">ChangeCipherSpec injection attack</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">< 0.1% vulnerable and exploitable </td> <td style="background:#FFB; color:black;vertical-align:middle;text-align:center;" class="table-partial">< 0.1% vulnerable, not exploitable </td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">99.5% not vulnerable </td> <td style="background: var(--background-color-interactive, #EEE); color: var(--color-base, black); vertical-align: middle; white-space: nowrap; text-align: center;" class="table-Unknown">0.4% unknown </td></tr> <tr> <th scope="row"><a href="#POODLE_attack">POODLE attack against TLS</a> (Original POODLE against SSL 3.0 is not included) </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">< 0.1% vulnerable and exploitable </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">99.9% not vulnerable </td> <td style="background: var(--background-color-interactive, #EEE); color: var(--color-base, black); vertical-align: middle; white-space: nowrap; text-align: center;" class="table-Unknown">0.1% unknown </td></tr> <tr> <th scope="row"><a href="#Downgrade_attacks">Protocol downgrade</a> </th> <td style="background:#FFC7C7;color:black;vertical-align:middle;text-align:center;" class="table-no">4.1% Downgrade defence not supported </td> <td data-sort-value="" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td> <td style="background: #BFD; color:black; vertical-align: middle; text-align: center;" class="yes2 table-yes2">80.2% Downgrade defence supported </td> <td style="background: var(--background-color-interactive, #EEE); color: var(--color-base, black); vertical-align: middle; white-space: nowrap; text-align: center;" class="table-Unknown">15.7% unknown </td></tr></tbody></table> <div class="mw-heading mw-heading3"><h3 id="Forward_secrecy">Forward secrecy</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=40" title="Edit section: Forward secrecy">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">Main article: <a href="/wiki/Forward_secrecy" title="Forward secrecy">Forward secrecy</a></div> Forward secrecy is a property of cryptographic systems which ensures that a session key derived from a set of public and private keys will not be compromised if one of the private keys is compromised in the future.<a href="#cite_note-171">[157]</a> Without forward secrecy, if the server's private key is compromised, not only will all future TLS-encrypted sessions using that server certificate be compromised, but also any past sessions that used it as well (provided that these past sessions were intercepted and stored at the time of transmission).<a href="#cite_note-172">[158]</a> An implementation of TLS can provide forward secrecy by requiring the use of ephemeral <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">Diffie–Hellman key exchange</a> to establish session keys, and some notable TLS implementations do so exclusively: e.g., <a href="/wiki/Gmail" title="Gmail">Gmail</a> and other Google HTTPS services that use <a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a>.<a href="#cite_note-173">[159]</a> However, many clients and servers supporting TLS (including browsers and web servers) are not configured to implement such restrictions.<a href="#cite_note-174">[160]</a><a href="#cite_note-175">[161]</a> In practice, unless a web service uses Diffie–Hellman key exchange to implement forward secrecy, all of the encrypted web traffic to and from that service can be decrypted by a third party if it obtains the server's master (private) key; e.g., by means of a court order.<a href="#cite_note-176">[162]</a> Even where Diffie–Hellman key exchange is implemented, server-side session management mechanisms can impact forward secrecy. The use of <a href="#Resumed_TLS_handshake">TLS session tickets</a> (a TLS extension) causes the session to be protected by AES128-CBC-SHA256 regardless of any other negotiated TLS parameters, including forward secrecy ciphersuites, and the long-lived TLS session ticket keys defeat the attempt to implement forward secrecy.<a href="#cite_note-botchingpfs-177">[163]</a><a href="#cite_note-ticketsecwp-178">[164]</a><a href="#cite_note-ticketsecslides-179">[165]</a> Stanford University research in 2014 also found that of 473,802 TLS servers surveyed, 82.9% of the servers deploying ephemeral Diffie–Hellman (DHE) key exchange to support forward secrecy were using weak Diffie–Hellman parameters. These weak parameter choices could potentially compromise the effectiveness of the forward secrecy that the servers sought to provide.<a href="#cite_note-180">[166]</a> Since late 2011, Google has provided forward secrecy with TLS by default to users of its <a href="/wiki/Gmail" title="Gmail">Gmail</a> service, along with <a href="/wiki/Google_Docs" title="Google Docs">Google Docs</a> and encrypted search, among other services.<a href="#cite_note-googleLongTerm-181">[167]</a> Since November 2013, <a href="/wiki/Twitter" title="Twitter">Twitter</a> has provided forward secrecy with TLS to users of its service.<a href="#cite_note-182">[168]</a> As of August 2019<a class="external text" href="https://en.wikipedia.org/w/index.php?title=Transport_Layer_Security&action=edit">[update]</a>, about 80% of TLS-enabled websites are configured to use cipher suites that provide forward secrecy to most web browsers.<a href="#cite_note-trustworthy_ssl_pulse-104">[92]</a> <div class="mw-heading mw-heading3"><h3 id="TLS_interception">TLS interception</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=41" title="Edit section: TLS interception">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236090951"><div role="note" class="hatnote navigation-not-searchable">See also: <a href="/wiki/Server_Name_Indication#Encrypted_Client_Hello" title="Server Name Indication">Server Name Indication § Encrypted Client Hello</a></div> TLS interception (or <a href="/wiki/HTTPS" title="HTTPS">HTTPS</a> interception if applied particularly to that protocol) is the practice of intercepting an encrypted data stream in order to decrypt it, read and possibly manipulate it, and then re-encrypt it and send the data on its way again. This is done by way of a "<a href="/wiki/Transparent_proxy" class="mw-redirect" title="Transparent proxy">transparent proxy</a>": the interception software terminates the incoming TLS connection, inspects the HTTP plaintext, and then creates a new TLS connection to the destination.<a href="#cite_note-Durumeric_et_al_2017-183">[169]</a> TLS/HTTPS interception is used as an <a href="/wiki/Information_security" title="Information security">information security</a> measure by network operators in order to be able to scan for and protect against the intrusion of malicious content into the network, such as <a href="/wiki/Computer_virus" title="Computer virus">computer viruses</a> and other <a href="/wiki/Malware" title="Malware">malware</a>.<a href="#cite_note-Durumeric_et_al_2017-183">[169]</a> Such content could otherwise not be detected as long as it is protected by encryption, which is increasingly the case as a result of the routine use of HTTPS and other secure protocols. A significant drawback of TLS/HTTPS interception is that it introduces new security risks of its own. One notable limitation is that it provides a point where network traffic is available unencrypted thus giving attackers an incentive to attack this point in particular in order to gain access to otherwise secure content. The interception also allows the network operator, or persons who gain access to its interception system, to perform <a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">man-in-the-middle attacks</a> against network users. A 2017 study found that "HTTPS interception has become startlingly widespread, and that interception products as a class have a dramatically negative impact on connection security".<a href="#cite_note-Durumeric_et_al_2017-183">[169]</a> <div class="mw-heading mw-heading2"><h2 id="Protocol_details">Protocol details</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=42" title="Edit section: Protocol details">edit</a>]</div> The TLS protocol exchanges records, which encapsulate the data to be exchanged in a specific format (see below). Each record can be compressed, padded, appended with a <a href="/wiki/Message_authentication_code" title="Message authentication code">message authentication code</a> (MAC), or encrypted, all depending on the state of the connection. Each record has a content type field that designates the type of data encapsulated, a length field and a TLS version field. The data encapsulated may be control or procedural messages of the TLS itself, or simply the application data needed to be transferred by TLS. The specifications (cipher suite, keys etc.) required to exchange application data by TLS, are agreed upon in the "TLS handshake" between the client requesting the data and the server responding to requests. The protocol therefore defines both the structure of payloads transferred in TLS and the procedure to establish and monitor the transfer. <div class="mw-heading mw-heading3"><h3 id="TLS_handshake">TLS handshake</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=43" title="Edit section: TLS handshake">edit</a>]</div> <figure class="mw-default-size" typeof="mw:File/Thumb"><a href="/wiki/File:Full_TLS_1.2_Handshake.svg" class="mw-file-description"><img src="//upload.wikimedia.org/wikipedia/commons/thumb/d/d3/Full_TLS_1.2_Handshake.svg/220px-Full_TLS_1.2_Handshake.svg.png" decoding="async" width="220" height="206" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/commons/thumb/d/d3/Full_TLS_1.2_Handshake.svg/330px-Full_TLS_1.2_Handshake.svg.png 1.5x, //upload.wikimedia.org/wikipedia/commons/thumb/d/d3/Full_TLS_1.2_Handshake.svg/440px-Full_TLS_1.2_Handshake.svg.png 2x" data-file-width="338" data-file-height="316" /></a><figcaption>Simplified illustration of the full TLS 1.2 handshake with timing information</figcaption></figure> When the connection starts, the record encapsulates a "control" protocol – the handshake messaging protocol (content type 22). This protocol is used to exchange all the information required by both sides for the exchange of the actual application data by TLS. It defines the format of messages and the order of their exchange. These may vary according to the demands of the client and server – i.e., there are several possible procedures to set up the connection. This initial exchange results in a successful TLS connection (both parties ready to transfer application data with TLS) or an alert message (as specified below). <div class="mw-heading mw-heading4"><h4 id="Basic_TLS_handshake">Basic TLS handshake</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=44" title="Edit section: Basic TLS handshake">edit</a>]</div> A typical connection example follows, illustrating a <a href="/wiki/Handshake_(computing)" title="Handshake (computing)">handshake</a> where the server (but not the client) is authenticated by its certificate: <ol><li>Negotiation phase: <ul><li>A client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested <a href="/wiki/Cipher_suite" title="Cipher suite">cipher suites</a> and suggested compression methods. If the client is attempting to perform a resumed handshake, it may send a session ID. If the client can use <a href="/wiki/Application-Layer_Protocol_Negotiation" title="Application-Layer Protocol Negotiation">Application-Layer Protocol Negotiation</a>, it may include a list of supported application <a href="/wiki/Communications_protocol" class="mw-redirect" title="Communications protocol">protocols</a>, such as <a href="/wiki/HTTP/2" title="HTTP/2">HTTP/2</a>.</li> <li>The server responds with a ServerHello message, containing the chosen protocol version, a random number, cipher suite and compression method from the choices offered by the client. To confirm or allow resumed handshakes the server may send a session ID. The chosen protocol version should be the highest that both the client and server support. For example, if the client supports TLS version 1.1 and the server supports version 1.2, version 1.1 should be selected; version 1.2 should not be selected.</li> <li>The server sends its Certificate message (depending on the selected cipher suite, this may be omitted by the server).<a href="#cite_note-openpgp-184">[170]</a></li> <li>The server sends its ServerKeyExchange message (depending on the selected cipher suite, this may be omitted by the server). This message is sent for all <a href="/wiki/Diffie%E2%80%93Hellman_key_exchange" title="Diffie–Hellman key exchange">DHE</a>, <a href="/wiki/ECDHE" class="mw-redirect" title="ECDHE">ECDHE</a> and DH_anon cipher suites.<a href="#cite_note-rfc5246-23">[23]</a></li> <li>The server sends a ServerHelloDone message, indicating it is done with handshake negotiation.</li> <li>The client responds with a ClientKeyExchange message, which may contain a PreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher.) This PreMasterSecret is encrypted using the public key of the server certificate.</li> <li>The client and server then use the random numbers and PreMasterSecret to compute a common secret, called the "master secret". All other key data (<a href="/wiki/Session_key" title="Session key">session keys</a> such as <a href="/wiki/Initialization_vector" title="Initialization vector">IV</a>, <a href="/wiki/Symmetric_encryption" class="mw-redirect" title="Symmetric encryption">symmetric encryption</a> key, <a href="/wiki/Message_authentication_code" title="Message authentication code">MAC</a> key<a href="#cite_note-185">[171]</a>) for this connection is derived from this master secret (and the client- and server-generated random values), which is passed through a carefully designed <a href="/wiki/Pseudorandomness" title="Pseudorandomness">pseudorandom</a> function.</li></ul></li> <li>The client now sends a ChangeCipherSpec record, essentially telling the server, "Everything I tell you from now on will be authenticated (and encrypted if encryption parameters were present in the server certificate)." The ChangeCipherSpec is itself a record-level protocol with content type of 20. <ul><li>The client sends an authenticated and encrypted Finished message, containing a hash and MAC over the previous handshake messages.</li> <li>The server will attempt to decrypt the client's Finished message and verify the hash and MAC. If the decryption or verification fails, the handshake is considered to have failed and the connection should be terminated.</li></ul></li> <li>Finally, the server sends a ChangeCipherSpec, telling the client, "Everything I tell you from now on will be authenticated (and encrypted, if encryption was negotiated)." <ul><li>The server sends its authenticated and encrypted Finished message.</li> <li>The client performs the same decryption and verification procedure as the server did in the previous step.</li></ul></li> <li>Application phase: at this point, the "handshake" is complete and the application protocol is enabled, with content type of 23. Application messages exchanged between client and server will also be authenticated and optionally encrypted exactly like in their Finished message. Otherwise, the content type will return 25 and the client will not authenticate.</li></ol> <div class="mw-heading mw-heading4"><h4 id="Client-authenticated_TLS_handshake">Client-authenticated TLS handshake</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=45" title="Edit section: Client-authenticated TLS handshake">edit</a>]</div> The following full example shows a client being authenticated (in addition to the server as in the example above; see <a href="/wiki/Mutual_authentication" title="Mutual authentication">mutual authentication</a>) via TLS using certificates exchanged between both peers. <ol><li>Negotiation Phase: <ul><li>A client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods.</li> <li>The server responds with a ServerHello message, containing the chosen protocol version, a random number, cipher suite and compression method from the choices offered by the client. The server may also send a session id as part of the message to perform a resumed handshake.</li> <li>The server sends its Certificate message (depending on the selected cipher suite, this may be omitted by the server).<a href="#cite_note-openpgp-184">[170]</a></li> <li>The server sends its ServerKeyExchange message (depending on the selected cipher suite, this may be omitted by the server). This message is sent for all DHE, ECDHE and DH_anon ciphersuites.<a class="external autonumber" href="https://en.wikipedia.org/wiki/Transport_Layer_Security#endnote_5246">[1]</a></li> <li>The server sends a CertificateRequest message, to request a certificate from the client.</li> <li>The server sends a ServerHelloDone message, indicating it is done with handshake negotiation.</li> <li>The client responds with a Certificate message, which contains the client's certificate, but not its private key.</li> <li>The client sends a ClientKeyExchange message, which may contain a PreMasterSecret, public key, or nothing. (Again, this depends on the selected cipher.) This PreMasterSecret is encrypted using the public key of the server certificate.</li> <li>The client sends a CertificateVerify message, which is a signature over the previous handshake messages using the client's certificate's private key. This signature can be verified by using the client's certificate's public key. This lets the server know that the client has access to the private key of the certificate and thus owns the certificate.</li> <li>The client and server then use the random numbers and PreMasterSecret to compute a common secret, called the "master secret". All other key data ("session keys") for this connection is derived from this master secret (and the client- and server-generated random values), which is passed through a carefully designed pseudorandom function.</li></ul></li> <li>The client now sends a ChangeCipherSpec record, essentially telling the server, "Everything I tell you from now on will be authenticated (and encrypted if encryption was negotiated). "The ChangeCipherSpec is itself a record-level protocol and has type 20 and not 22. <ul><li>Finally, the client sends an encrypted Finished message, containing a hash and MAC over the previous handshake messages.</li> <li>The server will attempt to decrypt the client's Finished message and verify the hash and MAC. If the decryption or verification fails, the handshake is considered to have failed and the connection should be torn down.</li></ul></li> <li>Finally, the server sends a ChangeCipherSpec, telling the client, "Everything I tell you from now on will be authenticated (and encrypted if encryption was negotiated)." <ul><li>The server sends its own encrypted Finished message.</li> <li>The client performs the same decryption and verification procedure as the server did in the previous step.</li></ul></li> <li>Application phase: at this point, the "handshake" is complete and the application protocol is enabled, with content type of 23. Application messages exchanged between client and server will also be encrypted exactly like in their Finished message.</li></ol> <div class="mw-heading mw-heading4"><h4 id="Resumed_TLS_handshake">Resumed TLS handshake</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=46" title="Edit section: Resumed TLS handshake">edit</a>]</div> Public key operations (e.g., RSA) are relatively expensive in terms of computational power. TLS provides a secure shortcut in the handshake mechanism to avoid these operations: resumed sessions. Resumed sessions are implemented using session IDs or session tickets. Apart from the performance benefit, resumed sessions can also be used for <a href="/wiki/Single_sign-on" title="Single sign-on">single sign-on</a>, as it guarantees that both the original session and any resumed session originate from the same client. This is of particular importance for the <a href="/wiki/FTPS" title="FTPS">FTP over TLS/SSL</a> protocol, which would otherwise suffer from a man-in-the-middle attack in which an attacker could intercept the contents of the secondary data connections.<a href="#cite_note-186">[172]</a> <div class="mw-heading mw-heading4"><h4 id="TLS_1.3_handshake">TLS 1.3 handshake</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=47" title="Edit section: TLS 1.3 handshake">edit</a>]</div> The TLS 1.3 handshake was condensed to only one round trip compared to the two round trips required in previous versions of TLS/SSL. To start the handshake, the client guesses which key exchange algorithm will be selected by the server and sends a ClientHello message to the server containing a list of supported ciphers (in order of the client's preference) and public keys for some or all of its key exchange guesses. If the client successfully guesses the key exchange algorithm, 1 round trip is eliminated from the handshake. After receiving the ClientHello, the server selects a cipher and sends back a ServerHello with its own public key, followed by server Certificate and Finished messages.<a href="#cite_note-187">[173]</a> After the client receives the server's finished message, it now is coordinated with the server on which cipher suite to use.<a href="#cite_note-188">[174]</a> <div class="mw-heading mw-heading5"><h5 id="Session_IDs">Session IDs</h5>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=48" title="Edit section: Session IDs">edit</a>]</div> In an ordinary full handshake, the server sends a session id as part of the ServerHello message. The client associates this session id with the server's IP address and TCP port, so that when the client connects again to that server, it can use the session id to shortcut the handshake. In the server, the session id maps to the cryptographic parameters previously negotiated, specifically the "master secret". Both sides must have the same "master secret" or the resumed handshake will fail (this prevents an eavesdropper from using a session id). The random data in the ClientHello and ServerHello messages virtually guarantee that the generated connection keys will be different from in the previous connection. In the RFCs, this type of handshake is called an abbreviated handshake. It is also described in the literature as a restart handshake. <ol><li>Negotiation phase: <ul><li>A client sends a ClientHello message specifying the highest TLS protocol version it supports, a random number, a list of suggested cipher suites and compression methods. Included in the message is the session id from the previous TLS connection.</li> <li>The server responds with a ServerHello message, containing the chosen protocol version, a random number, cipher suite and compression method from the choices offered by the client. If the server recognizes the session id sent by the client, it responds with the same session id. The client uses this to recognize that a resumed handshake is being performed. If the server does not recognize the session id sent by the client, it sends a different value for its session id. This tells the client that a resumed handshake will not be performed. At this point, both the client and server have the "master secret" and random data to generate the key data to be used for this connection.</li></ul></li> <li>The server now sends a ChangeCipherSpec record, essentially telling the client, "Everything I tell you from now on will be encrypted." The ChangeCipherSpec is itself a record-level protocol and has type 20 and not 22. <ul><li>Finally, the server sends an encrypted Finished message, containing a hash and MAC over the previous handshake messages.</li> <li>The client will attempt to decrypt the server's Finished message and verify the hash and MAC. If the decryption or verification fails, the handshake is considered to have failed and the connection should be torn down.</li></ul></li> <li>Finally, the client sends a ChangeCipherSpec, telling the server, "Everything I tell you from now on will be encrypted." <ul><li>The client sends its own encrypted Finished message.</li> <li>The server performs the same decryption and verification procedure as the client did in the previous step.</li></ul></li> <li>Application phase: at this point, the "handshake" is complete and the application protocol is enabled, with content type of 23. Application messages exchanged between client and server will also be encrypted exactly like in their Finished message.</li></ol> <div class="mw-heading mw-heading5"><h5 id="Session_tickets">Session tickets</h5>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=49" title="Edit section: Session tickets">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5077">5077</a> extends TLS via use of session tickets, instead of session IDs. It defines a way to resume a TLS session without requiring that session-specific state is stored at the TLS server. When using session tickets, the TLS server stores its session-specific state in a session ticket and sends the session ticket to the TLS client for storing. The client resumes a TLS session by sending the session ticket to the server, and the server resumes the TLS session according to the session-specific state in the ticket. The session ticket is encrypted and authenticated by the server, and the server verifies its validity before using its contents. One particular weakness of this method with <a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a> is that it always limits encryption and authentication security of the transmitted TLS session ticket to <code>AES128-CBC-SHA256</code>, no matter what other TLS parameters were negotiated for the actual TLS session.<a href="#cite_note-ticketsecwp-178">[164]</a> This means that the state information (the TLS session ticket) is not as well protected as the TLS session itself. Of particular concern is OpenSSL's storage of the keys in an application-wide context (<code>SSL_CTX</code>), i.e. for the life of the application, and not allowing for re-keying of the <code>AES128-CBC-SHA256</code> TLS session tickets without resetting the application-wide OpenSSL context (which is uncommon, error-prone and often requires manual administrative intervention).<a href="#cite_note-ticketsecslides-179">[165]</a><a href="#cite_note-botchingpfs-177">[163]</a> <div class="mw-heading mw-heading3"><h3 id="TLS_record">TLS record</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=50" title="Edit section: TLS record">edit</a>]</div> This is the general format of all TLS records. <table class="wikitable" style="width:95%;text-align:center"> <caption>TLS record format, general </caption> <tbody><tr> <th scope="col">Offset </th> <th scope="col" style="width:22%">Byte+0 </th> <th scope="col" style="width:22%">Byte+1 </th> <th scope="col" style="width:22%">Byte+2 </th> <th scope="col" style="width:22%">Byte+3 </th></tr> <tr> <th scope="row">Byte 0 </th> <td style="background:#dfd">Content type </td> <td colspan="3data-sort-value=""" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th scope="row" rowspan="2">Bytes 1–4 </th> <td colspan="2" style="background:#fdd">Legacy version </td> <td colspan="2" style="background:#fdd">Length </td></tr> <tr style="background:#fdd"> <td>(Major) </td> <td>(Minor) </td> <td>(bits 15–8) </td> <td>(bits 7–0) </td></tr> <tr> <th scope="row">Bytes 5–(m−1) </th> <td colspan="4">Protocol message(s) </td></tr> <tr> <th scope="row">Bytes m–(p−1) </th> <td colspan="4" style="background:#fbb"><a href="/wiki/Message_authentication_code" title="Message authentication code">MAC</a> (optional) </td></tr> <tr> <th scope="row">Bytes p–(q−1) </th> <td colspan="4" style="background:#fbb">Padding (block ciphers only) </td></tr></tbody></table> <dl><dt>Content type</dt> <dd>This field identifies the Record Layer Protocol Type contained in this record.</dd></dl> <table class="wikitable"> <caption>Content types </caption> <tbody><tr> <th scope="col">Hex </th> <th scope="col">Dec </th> <th scope="col">Type </th></tr> <tr> <th scope="row">0×14 </th> <td>20 </td> <td>ChangeCipherSpec </td></tr> <tr> <th scope="row">0×15 </th> <td>21 </td> <td>Alert </td></tr> <tr> <th scope="row">0×16 </th> <td>22 </td> <td>Handshake </td></tr> <tr> <th scope="row">0×17 </th> <td>23 </td> <td>Application </td></tr> <tr> <th scope="row">0×18 </th> <td>24 </td> <td>Heartbeat </td></tr></tbody></table> <dl><dt>Legacy version</dt> <dd>This field identifies the major and minor version of TLS prior to TLS 1.3 for the contained message. For a ClientHello message, this need not be the highest version supported by the client. For TLS 1.3 and later, this must to be set 0x0303 and application must send supported versions in an extra message extension block.</dd></dl> <table class="wikitable"> <caption>Versions </caption> <tbody><tr> <th scope="col">Major version </th> <th scope="col">Minor version </th> <th scope="col">Version type </th></tr> <tr> <th scope="row">3 </th> <td>0 </td> <td>SSL 3.0 </td></tr> <tr> <th scope="row">3 </th> <td>1 </td> <td>TLS 1.0 </td></tr> <tr> <th scope="row">3 </th> <td>2 </td> <td>TLS 1.1 </td></tr> <tr> <th scope="row">3 </th> <td>3 </td> <td>TLS 1.2 </td></tr> <tr> <th scope="row">3 </th> <td>4 </td> <td>TLS 1.3 </td></tr></tbody></table> <dl><dt>Length</dt></dl> <dl><dd>The length of "protocol message(s)", "MAC" and "padding" fields combined (i.e. q−5), not to exceed 214 bytes (16 KiB).</dd> <dt>Protocol message(s)</dt> <dd>One or more messages identified by the Protocol field. Note that this field may be encrypted depending on the state of the connection.</dd> <dt>MAC and padding</dt> <dd>A <a href="/wiki/Message_authentication_code" title="Message authentication code">message authentication code</a> computed over the "protocol message(s)" field, with additional key material included. Note that this field may be encrypted, or not included entirely, depending on the state of the connection.</dd> <dd>No "MAC" or "padding" fields can be present at end of TLS records before all cipher algorithms and parameters have been negotiated and handshaked and then confirmed by sending a CipherStateChange record (see below) for signalling that these parameters will take effect in all further records sent by the same peer.</dd></dl> <div class="mw-heading mw-heading4"><h4 id="Handshake_protocol">Handshake protocol</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=51" title="Edit section: Handshake protocol">edit</a>]</div> Most messages exchanged during the setup of the TLS session are based on this record, unless an error or warning occurs and needs to be signaled by an Alert protocol record (see below), or the encryption mode of the session is modified by another record (see ChangeCipherSpec protocol below). <table class="wikitable" style="width:95%;text-align:center"> <caption>TLS record format for handshake protocol </caption> <tbody><tr> <th scope="col">Offset </th> <th scope="col" style="width:22%">Byte+0 </th> <th scope="col" style="width:22%">Byte+1 </th> <th scope="col" style="width:22%">Byte+2 </th> <th scope="col" style="width:22%">Byte+3 </th></tr> <tr> <th scope="row">Byte 0 </th> <td style="background:#dfd">22 </td> <td colspan="3data-sort-value=""" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th scope="row" rowspan="2">Bytes 1–4 </th> <td colspan="2" style="background:#fdd">Legacy version </td> <td colspan="2" style="background:#fdd">Length </td></tr> <tr style="background:#fdd"> <td>(Major) </td> <td>(Minor) </td> <td>(bits 15–8) </td> <td>(bits 7–0) </td></tr> <tr> <th scope="row" rowspan="2">Bytes 5–8 </th> <td rowspan="2">Message type </td> <td colspan="3">Handshake message data length </td></tr> <tr style="font-size:90%;line-height:1.2"> <td>(bits 23–16) </td> <td>(bits 15–8) </td> <td>(bits 7–0) </td></tr> <tr> <th scope="row">Bytes 9–(n−1) </th> <td colspan="4">Handshake message data </td></tr> <tr> <th scope="row" rowspan="2">Bytes n–(n+3) </th> <td rowspan="2" style="background:#fdd">Message type </td> <td colspan="3" style="background:#fdd">Handshake message data length </td></tr> <tr style="background:#fdd"> <td>(bits 23–16) </td> <td>(bits 15–8) </td> <td>(bits 7–0) </td></tr> <tr> <th scope="row">Bytes (n+4)– </th> <td colspan="4" style="background:#fdd">Handshake message data </td></tr></tbody></table> <dl><dt>Message type</dt> <dd>This field identifies the handshake message type.</dd></dl> <table class="wikitable"> <caption>Message types </caption> <tbody><tr> <th scope="col">Code </th> <th scope="col">Description </th></tr> <tr> <th scope="row">0 </th> <td>HelloRequest </td></tr> <tr> <th scope="row">1 </th> <td>ClientHello </td></tr> <tr> <th scope="row">2 </th> <td>ServerHello </td></tr> <tr> <th scope="row">4 </th> <td>NewSessionTicket </td></tr> <tr> <th scope="row">8 </th> <td>EncryptedExtensions (TLS 1.3 only) </td></tr> <tr> <th scope="row">11 </th> <td>Certificate </td></tr> <tr> <th scope="row">12 </th> <td>ServerKeyExchange </td></tr> <tr> <th scope="row">13 </th> <td>CertificateRequest </td></tr> <tr> <th scope="row">14 </th> <td>ServerHelloDone </td></tr> <tr> <th scope="row">15 </th> <td>CertificateVerify </td></tr> <tr> <th scope="row">16 </th> <td>ClientKeyExchange </td></tr> <tr> <th scope="row">20 </th> <td>Finished </td></tr></tbody></table> <dl><dt>Handshake message data length</dt> <dd>This is a 3-byte field indicating the length of the handshake data, not including the header.</dd></dl> Note that multiple handshake messages may be combined within one record. <div class="mw-heading mw-heading4"><h4 id="Alert_protocol">Alert protocol</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=52" title="Edit section: Alert protocol">edit</a>]</div> This record should normally not be sent during normal handshaking or application exchanges. However, this message can be sent at any time during the handshake and up to the closure of the session. If this is used to signal a fatal error, the session will be closed immediately after sending this record, so this record is used to give a reason for this closure. If the alert level is flagged as a warning, the remote can decide to close the session if it decides that the session is not reliable enough for its needs (before doing so, the remote may also send its own signal). <table class="wikitable" style="width:95%;text-align:center"> <caption>TLS record format for alert protocol </caption> <tbody><tr> <th scope="col">Offset </th> <th scope="col" style="width:22%">Byte+0 </th> <th scope="col" style="width:22%">Byte+1 </th> <th scope="col" style="width:22%">Byte+2 </th> <th scope="col" style="width:22%">Byte+3 </th></tr> <tr> <th scope="row">Byte 0 </th> <td style="background:#dfd">21 </td> <td colspan="3data-sort-value=""" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th scope="row" rowspan="2">Bytes 1–4 </th> <td colspan="2" style="background:#fdd">Legacy version </td> <td colspan="2" style="background:#fdd">Length </td></tr> <tr style="background:#fdd"> <td>(Major) </td> <td>(Minor) </td> <td>0 </td> <td>2 </td></tr> <tr> <th>Bytes 5–6 </th> <td>Level </td> <td>Description </td> <td colspan="2data-sort-value=""" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th>Bytes 7–(p−1) </th> <td colspan="4" style="background:#fbb"><a href="/wiki/Message_authentication_code" title="Message authentication code">MAC</a> (optional) </td></tr> <tr> <th>Bytes p–(q−1) </th> <td colspan="4" style="background:#fbb">Padding (block ciphers only) </td></tr></tbody></table> <dl><dt>Level</dt> <dd>This field identifies the level of alert. If the level is fatal, the sender should close the session immediately. Otherwise, the recipient may decide to terminate the session itself, by sending its own fatal alert and closing the session itself immediately after sending it. The use of Alert records is optional, however if it is missing before the session closure, the session may be resumed automatically (with its handshakes).</dd> <dd>Normal closure of a session after termination of the transported application should preferably be alerted with at least the Close notify Alert type (with a simple warning level) to prevent such automatic resume of a new session. Signalling explicitly the normal closure of a secure session before effectively closing its transport layer is useful to prevent or detect attacks (like attempts to truncate the securely transported data, if it intrinsically does not have a predetermined length or duration that the recipient of the secured data may expect).</dd></dl> <table class="wikitable" style="width:90%"> <caption>Alert level types </caption> <tbody><tr> <th scope="col">Code </th> <th scope="col">Level type </th> <th scope="col">Connection state </th></tr> <tr> <th scope="row">1 </th> <td style="background:yellow;text-align:center">warning </td> <td>connection or security may be unstable. </td></tr> <tr> <th scope="row">2 </th> <td style="background:red;text-align:center">fatal </td> <td>connection or security may be compromised, or an unrecoverable error has occurred. </td></tr></tbody></table> <dl><dt>Description</dt> <dd>This field identifies which type of alert is being sent.</dd></dl> <table class="wikitable" style="width:90%"> <caption>Alert description types </caption> <tbody><tr> <th scope="col">Code </th> <th scope="col">Description </th> <th scope="col">Level types </th> <th scope="col">Note </th></tr> <tr> <th scope="row">0 </th> <td>Close notify </td> <td style="background:orange;text-align:center">warning/fatal </td> <td> </td></tr> <tr> <th scope="row">10 </th> <td>Unexpected message </td> <td style="background:red;text-align:center">fatal </td> <td> </td></tr> <tr> <th scope="row">20 </th> <td>Bad record MAC </td> <td style="background:red;text-align:center">fatal </td> <td>Possibly a bad SSL implementation, or payload has been tampered with e.g. FTP firewall rule on <a href="/wiki/FTPS" title="FTPS">FTPS</a> server. </td></tr> <tr> <th scope="row">21 </th> <td>Decryption failed </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only, reserved </td></tr> <tr> <th scope="row">22 </th> <td>Record overflow </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">30 </th> <td>Decompression failure </td> <td style="background:red;text-align:center">fatal </td> <td> </td></tr> <tr> <th scope="row">40 </th> <td>Handshake failure </td> <td style="background:red;text-align:center">fatal </td> <td> </td></tr> <tr> <th scope="row">41 </th> <td>No certificate </td> <td style="background:orange;text-align:center">warning/fatal </td> <td>SSL 3.0 only, reserved </td></tr> <tr> <th scope="row">42 </th> <td>Bad certificate </td> <td style="background:orange;text-align:center">warning/fatal </td> <td> </td></tr> <tr> <th scope="row">43 </th> <td>Unsupported certificate </td> <td style="background:orange;text-align:center">warning/fatal </td> <td>e.g. certificate has only server authentication usage enabled and is presented as a client certificate </td></tr> <tr> <th scope="row">44 </th> <td>Certificate revoked </td> <td style="background:orange;text-align:center">warning/fatal </td> <td> </td></tr> <tr> <th scope="row">45 </th> <td>Certificate expired </td> <td style="background:orange;text-align:center">warning/fatal </td> <td>Check server certificate expire also check no certificate in the chain presented has expired </td></tr> <tr> <th scope="row">46 </th> <td>Certificate unknown </td> <td style="background:orange;text-align:center">warning/fatal </td> <td> </td></tr> <tr> <th scope="row">47 </th> <td>Illegal parameter </td> <td style="background:red;text-align:center">fatal </td> <td> </td></tr> <tr> <th scope="row">48 </th> <td>Unknown CA (<a href="/wiki/Certificate_authority" title="Certificate authority">Certificate authority</a>) </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">49 </th> <td>Access denied </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only – e.g. no client certificate has been presented (TLS: Blank certificate message or SSLv3: No Certificate alert), but server is configured to require one. </td></tr> <tr> <th scope="row">50 </th> <td>Decode error </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">51 </th> <td>Decrypt error </td> <td style="background:orange;text-align:center">warning/fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">60 </th> <td>Export restriction </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only, reserved </td></tr> <tr> <th scope="row">70 </th> <td>Protocol version </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">71 </th> <td>Insufficient security </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">80 </th> <td>Internal error </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">86 </th> <td>Inappropriate fallback </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">90 </th> <td>User canceled </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">100 </th> <td>No renegotiation </td> <td style="background:yellow;text-align:center">warning </td> <td>TLS only </td></tr> <tr> <th scope="row">110 </th> <td>Unsupported extension </td> <td style="background:yellow;text-align:center">warning </td> <td>TLS only </td></tr> <tr> <th scope="row">111 </th> <td>Certificate unobtainable </td> <td style="background:yellow;text-align:center">warning </td> <td>TLS only </td></tr> <tr> <th scope="row">112 </th> <td>Unrecognized name </td> <td style="background:orange;text-align:center">warning/fatal </td> <td>TLS only; client's <a href="/wiki/Server_Name_Indication" title="Server Name Indication">Server Name Indicator</a> specified a <a href="/wiki/Hostname" title="Hostname">hostname</a> not supported by the server </td></tr> <tr> <th scope="row">113 </th> <td>Bad certificate status response </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">114 </th> <td>Bad certificate hash value </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">115 </th> <td>Unknown <a href="/wiki/Pre-shared_key" title="Pre-shared key">PSK</a> identity (used in <a href="/wiki/TLS-PSK" title="TLS-PSK">TLS-PSK</a> and <a href="/wiki/TLS-SRP" title="TLS-SRP">TLS-SRP</a>) </td> <td style="background:red;text-align:center">fatal </td> <td>TLS only </td></tr> <tr> <th scope="row">116 </th> <td>Certificate required </td> <td style="background:red;text-align:center">fatal </td> <td>TLS version 1.3 only </td></tr> <tr> <th scope="row">120 or 255 </th> <td>No application protocol </td> <td style="background:red;text-align:center">fatal </td> <td>TLS version 1.3 only </td></tr></tbody></table> <div class="mw-heading mw-heading4"><h4 id="ChangeCipherSpec_protocol">ChangeCipherSpec protocol</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=53" title="Edit section: ChangeCipherSpec protocol">edit</a>]</div> <table class="wikitable" style="width:95%;text-align:center"> <caption>TLS record format for ChangeCipherSpec protocol </caption> <tbody><tr> <th scope="col">Offset </th> <th scope="col" style="width:22%">Byte+0 </th> <th scope="col" style="width:22%">Byte+1 </th> <th scope="col" style="width:22%">Byte+2 </th> <th scope="col" style="width:22%">Byte+3 </th></tr> <tr> <th scope="row">Byte 0 </th> <td style="background:#dfd">20 </td> <td colspan="3data-sort-value=""" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th scope="row" rowspan="2">Bytes 1–4 </th> <td colspan="2" style="background:#fdd">Legacy version </td> <td colspan="2" style="background:#fdd">Length </td></tr> <tr style="background:#fdd"> <td>(Major) </td> <td>(Minor) </td> <td>0 </td> <td>1 </td></tr> <tr> <th>Byte 5 </th> <td>CCS protocol type </td> <td colspan="3data-sort-value=""" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr></tbody></table> <dl><dt>CCS protocol type</dt> <dd>Currently only 1.</dd></dl> <div class="mw-heading mw-heading4"><h4 id="Application_protocol">Application protocol</h4>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=54" title="Edit section: Application protocol">edit</a>]</div> <table class="wikitable" style="width:95%;text-align:center"> <caption>TLS record format for application protocol </caption> <tbody><tr> <th scope="col">Offset </th> <th scope="col" style="width:22%">Byte+0 </th> <th scope="col" style="width:22%">Byte+1 </th> <th scope="col" style="width:22%">Byte+2 </th> <th scope="col" style="width:22%">Byte+3 </th></tr> <tr> <th scope="row">Byte 0 </th> <td style="background:#dfd">23 </td> <td colspan="3data-sort-value=""" style="background: var(--background-color-interactive, #ececec); color: var(--color-base, inherit); vertical-align: middle; text-align: center;" class="table-na">— </td></tr> <tr> <th scope="row" rowspan="2">Bytes 1–4 </th> <td colspan="2" style="background:#fdd">Legacy version </td> <td colspan="2" style="background:#fdd">Length </td></tr> <tr style="background:#fdd"> <td>(Major) </td> <td>(Minor) </td> <td>(bits 15–8) </td> <td>(bits 7–0) </td></tr> <tr> <th>Bytes 5–(m−1) </th> <td colspan="4">Application data </td></tr> <tr> <th>Bytes m–(p−1) </th> <td colspan="4" style="background:#fbb"><a href="/wiki/Message_authentication_code" title="Message authentication code">MAC</a> (optional) </td></tr> <tr> <th>Bytes p–(q−1) </th> <td colspan="4" style="background:#fbb">Padding (block ciphers only) </td></tr></tbody></table> <dl><dt>Length</dt> <dd>Length of application data (excluding the protocol header and including the MAC and padding trailers)</dd> <dt>MAC</dt> <dd>32 bytes for the <a href="/wiki/SHA-256" class="mw-redirect" title="SHA-256">SHA-256</a>-based <a href="/wiki/HMAC" title="HMAC">HMAC</a>, 20 bytes for the <a href="/wiki/SHA-1" title="SHA-1">SHA-1</a>-based HMAC, 16 bytes for the <a href="/wiki/MD5" title="MD5">MD5</a>-based HMAC.</dd> <dt>Padding</dt> <dd>Variable length; last byte contains the padding length.</dd></dl> <div class="mw-heading mw-heading2"><h2 id="Support_for_name-based_virtual_servers">Support for name-based virtual servers</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=55" title="Edit section: Support for name-based virtual servers">edit</a>]</div> From the application protocol point of view, TLS belongs to a lower layer, although the TCP/IP model is too coarse to show it. This means that the TLS handshake is usually (except in the <a href="/wiki/STARTTLS" class="mw-redirect" title="STARTTLS">STARTTLS</a> case) performed before the application protocol can start. In the <a href="/wiki/Virtual_domain" class="mw-redirect" title="Virtual domain">name-based virtual server</a> feature being provided by the application layer, all co-hosted virtual servers share the same certificate because the server has to select and send a certificate immediately after the ClientHello message. This is a big problem in hosting environments because it means either sharing the same certificate among all customers or using a different IP address for each of them. There are two known workarounds provided by <a href="/wiki/X.509" title="X.509">X.509</a>: <ul><li>If all virtual servers belong to the same domain, a <a href="/wiki/Wildcard_certificate" class="mw-redirect" title="Wildcard certificate">wildcard certificate</a> can be used.<a href="#cite_note-189">[175]</a> Besides the loose host name selection that might be a problem or not, there is no common agreement about how to match wildcard certificates. Different rules are applied depending on the application protocol or software used.<a href="#cite_note-190">[176]</a></li> <li>Add every virtual host name in the subjectAltName extension. The major problem being that the certificate needs to be reissued whenever a new virtual server is added.</li></ul> To provide the server name, <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4366">4366</a> Transport Layer Security (TLS) Extensions allow clients to include a <a href="/wiki/Server_Name_Indication" title="Server Name Indication">Server Name Indication</a> extension (SNI) in the extended ClientHello message. This extension hints to the server immediately which name the client wishes to connect to, so the server can select the appropriate certificate to send to the clients. <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2817">2817</a> also documents a method to implement name-based virtual hosting by upgrading HTTP to TLS via an <a href="/wiki/HTTP/1.1_Upgrade_header" title="HTTP/1.1 Upgrade header">HTTP/1.1 Upgrade header</a>. Normally this is to securely implement HTTP over TLS within the main "http" <a href="/wiki/URI_scheme" class="mw-redirect" title="URI scheme">URI scheme</a> (which avoids forking the URI space and reduces the number of used ports), however, few implementations currently support this.[<a href="/wiki/Wikipedia:Citation_needed" title="Wikipedia:Citation needed">citation needed</a>] <div class="mw-heading mw-heading2"><h2 id="See_also">See also</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=56" title="Edit section: See also">edit</a>]</div> <ul><li><a href="/wiki/Application-Layer_Protocol_Negotiation" title="Application-Layer Protocol Negotiation">Application-Layer Protocol Negotiation</a> – a TLS extension used for SPDY and TLS False Start</li> <li><a href="/wiki/Bullrun_(decryption_program)" title="Bullrun (decryption program)">Bullrun (decryption program)</a> – a secret anti-encryption program run by the U.S. National Security Agency</li> <li><a href="/wiki/Certificate_authority" title="Certificate authority">Certificate authority</a></li> <li><a href="/wiki/Certificate_Transparency" title="Certificate Transparency">Certificate Transparency</a></li> <li><a href="/wiki/Delegated_credential" title="Delegated credential">Delegated credential</a></li> <li><a href="/wiki/HTTP_Strict_Transport_Security" title="HTTP Strict Transport Security">HTTP Strict Transport Security</a> – HSTS</li> <li><a href="/wiki/Key_ring_file" title="Key ring file">Key ring file</a></li> <li><a href="/wiki/Private_Communications_Technology" title="Private Communications Technology">Private Communications Technology</a> (PCT) – a historic Microsoft competitor to SSL 2.0</li> <li><a href="/wiki/QUIC" title="QUIC">QUIC</a> (Quick UDP Internet Connections) – "…was designed to provide security protection equivalent to TLS/SSL"; QUIC's main goal is to improve perceived performance of connection-oriented web applications that are currently using TCP</li> <li><a href="/wiki/Server-Gated_Cryptography" title="Server-Gated Cryptography">Server-Gated Cryptography</a></li> <li><a href="/wiki/Tcpcrypt" title="Tcpcrypt">tcpcrypt</a></li> <li><a href="/wiki/Datagram_Transport_Layer_Security" title="Datagram Transport Layer Security">Datagram Transport Layer Security</a></li> <li><a href="/wiki/TLS_acceleration" title="TLS acceleration">TLS acceleration</a></li></ul> <div class="mw-heading mw-heading2"><h2 id="References">References</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=57" title="Edit section: References">edit</a>]</div> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239543626"><div class="reflist reflist-columns references-column-width" style="column-width: 30em;"> <ol class="references"> <li id="cite_note-1"><a href="#cite_ref-1">^</a> i.e. <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-15">"Delegated Credentials for (D)TLS"</a>. Ietf. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240626174852/https://datatracker.ietf.org/doc/html/draft-ietf-tls-subcerts-15">Archived</a> from the original on 2024-06-26. Retrieved 2024-06-26.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Ietf&rft.atitle=Delegated+Credentials+for+%28D%29TLS&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Fdraft-ietf-tls-subcerts-15&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-:0-2">^ <a href="#cite_ref-:0_2-0">a</a> <a href="#cite_ref-:0_2-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLawrenceKhare2000" class="citation cs1">Lawrence, Scott; Khare, Rohit (May 2000). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2817">Upgrading to TLS Within HTTP/1.1</a>. Internet Engineering Task Force. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC2817">10.17487/RFC2817</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2817">2817</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Upgrading+to+TLS+Within+HTTP%2F1.1&rft.pub=Internet+Engineering+Task+Force&rft.date=2000-05&rft_id=info%3Adoi%2F10.17487%2FRFC2817&rft.aulast=Lawrence&rft.aufirst=Scott&rft.au=Khare%2C+Rohit&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc2817&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-3"><a href="#cite_ref-3">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc785811(v=ws.10)">"SSL/TLS in Detail"</a>. <a href="/wiki/Microsoft_TechNet" title="Microsoft TechNet">TechNet</a>. <a href="/wiki/Microsoft_Docs" title="Microsoft Docs">Microsoft Docs</a>. October 8, 2009. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220813015525/https://docs.microsoft.com/en-us/previous-versions/windows/it-pro/windows-server-2003/cc785811(v=ws.10)">Archived</a> from the original on 2022-08-13. Retrieved 2021-10-24.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft+Docs&rft.atitle=SSL%2FTLS+in+Detail&rft.date=2009-10-08&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fprevious-versions%2Fwindows%2Fit-pro%2Fwindows-server-2003%2Fcc785811%28v%3Dws.10%29&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-ccnp-4">^ <a href="#cite_ref-ccnp_4-0">a</a> <a href="#cite_ref-ccnp_4-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHooper2012" class="citation book cs1">Hooper, Howard (2012). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=5PJisOKJ0k8C&pg=PA22">CCNP Security VPN 642–648 Official Cert Guide</a> (2 ed.). Cisco Press. p. 22. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/9780132966382" title="Special:BookSources/9780132966382"><bdi>9780132966382</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=CCNP+Security+VPN+642%E2%80%93648+Official+Cert+Guide&rft.pages=22&rft.edition=2&rft.pub=Cisco+Press&rft.date=2012&rft.isbn=9780132966382&rft.aulast=Hooper&rft.aufirst=Howard&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3D5PJisOKJ0k8C%26pg%3DPA22&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-stackex_layer-5">^ <a href="#cite_ref-stackex_layer_5-0">a</a> <a href="#cite_ref-stackex_layer_5-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSpottLeek" class="citation web cs1">Spott, Andrew; Leek, Tom; et al. <a rel="nofollow" class="external text" href="https://security.stackexchange.com/a/93338">"What layer is TLS?"</a>. Information Security Stack Exchange. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210213050549/https://security.stackexchange.com/questions/93333/what-layer-is-tls/93338">Archived</a> from the original on 2021-02-13. Retrieved 2017-04-13.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Information+Security+Stack+Exchange&rft.atitle=What+layer+is+TLS%3F&rft.aulast=Spott&rft.aufirst=Andrew&rft.au=Leek%2C+Tom&rft_id=https%3A%2F%2Fsecurity.stackexchange.com%2Fa%2F93338&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-rfc8446-6">^ <a href="#cite_ref-rfc8446_6-0">a</a> <a href="#cite_ref-rfc8446_6-1">b</a> <a href="#cite_ref-rfc8446_6-2">c</a> <a href="#cite_ref-rfc8446_6-3">d</a> <a href="#cite_ref-rfc8446_6-4">e</a> <a href="#cite_ref-rfc8446_6-5">f</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFE._Rescorla2018" class="citation cs1">E. Rescorla (August 2018). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8446">The Transport Layer Security (TLS) Protocol Version 1.3</a>. <a href="/wiki/IETF" class="mw-redirect" title="IETF">IETF</a> TLS workgroup. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC8446">10.17487/RFC8446</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8446">8446</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=The+Transport+Layer+Security+%28TLS%29+Protocol+Version+1.3&rft.pub=IETF+TLS+workgroup&rft.date=2018-08&rft_id=info%3Adoi%2F10.17487%2FRFC8446&rft.au=E.+Rescorla&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc8446&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> Proposed Standard. Obsoletes <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5077">5077</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5246">5246</a> and <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6961">6961</a>; updates <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5705">5705</a> and <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6066">6066</a>. </li> <li id="cite_note-RFC_4347-7"><a href="#cite_ref-RFC_4347_7-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRescorlaModadugu2006" class="citation cs1">Rescorla, Eric; Modadugu, Nagendra (April 2006). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4347">Datagram Transport Layer Security</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC4347">10.17487/RFC4347</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4347">4347</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Datagram+Transport+Layer+Security&rft.date=2006-04&rft_id=info%3Adoi%2F10.17487%2FRFC4347&rft.aulast=Rescorla&rft.aufirst=Eric&rft.au=Modadugu%2C+Nagendra&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc4347&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-RFC_6347-8"><a href="#cite_ref-RFC_6347_8-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRescorlaModadugu2012" class="citation cs1">Rescorla, Eric; Modadugu, Nagendra (January 2012). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6347">Datagram Transport Layer Security Version 1.2</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC6347">10.17487/RFC6347</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6347">6347</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Datagram+Transport+Layer+Security+Version+1.2&rft.date=2012-01&rft_id=info%3Adoi%2F10.17487%2FRFC6347&rft.aulast=Rescorla&rft.aufirst=Eric&rft.au=Modadugu%2C+Nagendra&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc6347&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-9"><a href="#cite_ref-9">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFTitz2001" class="citation web cs1">Titz, Olaf (2001-04-23). <a rel="nofollow" class="external text" href="http://sites.inka.de/bigred/devel/tcp-tcp.html">"Why TCP Over TCP Is A Bad Idea"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20230310043036/http://sites.inka.de/bigred/devel/tcp-tcp.html">Archived</a> from the original on 2023-03-10. Retrieved 2015-10-17.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Why+TCP+Over+TCP+Is+A+Bad+Idea&rft.date=2001-04-23&rft.aulast=Titz&rft.aufirst=Olaf&rft_id=http%3A%2F%2Fsites.inka.de%2Fbigred%2Fdevel%2Ftcp-tcp.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-10"><a href="#cite_ref-10">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHonda,_OsamuOhsaki,_HiroyukiImase,_MakotoIshizuka,_Mika2005" class="citation conference cs1">Honda, Osamu; Ohsaki, Hiroyuki; Imase, Makoto; Ishizuka, Mika; Murayama, Junichi (October 2005). "Understanding TCP over TCP: effects of TCP tunneling on end-to-end throughput and latency". In Atiquzzaman, Mohammed; Balandin, Sergey I (eds.). Performance, Quality of Service, and Control of Next-Generation Communication and Sensor Networks III. Vol. 6011. <a href="/wiki/Bibcode_(identifier)" class="mw-redirect" title="Bibcode (identifier)">Bibcode</a>:<a rel="nofollow" class="external text" href="https://ui.adsabs.harvard.edu/abs/2005SPIE.6011..138H">2005SPIE.6011..138H</a>. <a href="/wiki/CiteSeerX_(identifier)" class="mw-redirect" title="CiteSeerX (identifier)">CiteSeerX</a> <a rel="nofollow" class="external text" href="https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.78.5815">10.1.1.78.5815</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1117%2F12.630496">10.1117/12.630496</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:8945952">8945952</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.atitle=Understanding+TCP+over+TCP%3A+effects+of+TCP+tunneling+on+end-to-end+throughput+and+latency&rft.btitle=Performance%2C+Quality+of+Service%2C+and+Control+of+Next-Generation+Communication+and+Sensor+Networks+III&rft.date=2005-10&rft_id=https%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fsummary%3Fdoi%3D10.1.1.78.5815%23id-name%3DCiteSeerX&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A8945952%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1117%2F12.630496&rft_id=info%3Abibcode%2F2005SPIE.6011..138H&rft.au=Honda%2C+Osamu&rft.au=Ohsaki%2C+Hiroyuki&rft.au=Imase%2C+Makoto&rft.au=Ishizuka%2C+Mika&rft.au=Murayama%2C+Junichi&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-11"><a href="#cite_ref-11">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4347">4347</a> § 4 </li> <li id="cite_note-12"><a href="#cite_ref-12">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRescorlaTschofenigModadugu2022" class="citation cs1">Rescorla, Eric; Tschofenig, Hannes; Modadugu, Nagena (April 21, 2022). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9147">The Datagram Transport Layer Security (DTLS) Protocol Version 1.3</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC9147">10.17487/RFC9147</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9147">9147</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=The+Datagram+Transport+Layer+Security+%28DTLS%29+Protocol+Version+1.3&rft.date=2022-04-21&rft_id=info%3Adoi%2F10.17487%2FRFC9147&rft.aulast=Rescorla&rft.aufirst=Eric&rft.au=Tschofenig%2C+Hannes&rft.au=Modadugu%2C+Nagena&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc9147&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-13"><a href="#cite_ref-13">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116312-qanda-anyconnect-00.html">"AnyConnect FAQ: tunnels, reconnect behavior, and the inactivity timer"</a>. <a href="/wiki/Cisco" title="Cisco">Cisco</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170226131243/http://www.cisco.com/c/en/us/support/docs/security/anyconnect-secure-mobility-client/116312-qanda-anyconnect-00.html">Archived</a> from the original on 26 February 2017. Retrieved 26 February 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=AnyConnect+FAQ%3A+tunnels%2C+reconnect+behavior%2C+and+the+inactivity+timer&rft.pub=Cisco&rft_id=http%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Fsupport%2Fdocs%2Fsecurity%2Fanyconnect-secure-mobility-client%2F116312-qanda-anyconnect-00.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-14"><a href="#cite_ref-14">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/Intercloud/Intercloud_Fabric/Intercloud_Fabric_2.pdf">"Cisco InterCloud Architectural Overview"</a> (PDF). <a href="/wiki/Cisco_Systems" class="mw-redirect" title="Cisco Systems">Cisco Systems</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220809111605/https://www.cisco.com/c/en/us/td/docs/solutions/Hybrid_Cloud/Intercloud/Intercloud_Fabric/Intercloud_Fabric_2.pdf">Archived</a> (PDF) from the original on 2022-08-09. Retrieved 2022-11-29.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Cisco+InterCloud+Architectural+Overview&rft.pub=Cisco+Systems&rft_id=http%3A%2F%2Fwww.cisco.com%2Fc%2Fen%2Fus%2Ftd%2Fdocs%2Fsolutions%2FHybrid_Cloud%2FIntercloud%2FIntercloud_Fabric%2FIntercloud_Fabric_2.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-15"><a href="#cite_ref-15">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.infradead.org/openconnect/">"OpenConnect"</a>. <a href="/wiki/OpenConnect" title="OpenConnect">OpenConnect</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170202104439/http://www.infradead.org/openconnect/">Archived</a> from the original on 2 February 2017. Retrieved 26 February 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=OpenConnect&rft.pub=OpenConnect&rft_id=https%3A%2F%2Fwww.infradead.org%2Fopenconnect%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-16"><a href="#cite_ref-16">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://help.zscaler.com/z-app/about-z-tunnel-1.0-z-tunnel-2.0">"ZScaler ZTNA 2.0 Tunnel"</a>. <a href="/wiki/ZScaler" class="mw-redirect" title="ZScaler">ZScaler</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20221129041020/https://help.zscaler.com/z-app/about-z-tunnel-1.0-z-tunnel-2.0">Archived</a> from the original on 2022-11-29. Retrieved 2022-11-29.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=ZScaler+ZTNA+2.0+Tunnel&rft.pub=ZScaler&rft_id=https%3A%2F%2Fhelp.zscaler.com%2Fz-app%2Fabout-z-tunnel-1.0-z-tunnel-2.0&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-17"><a href="#cite_ref-17">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://f5.com/glossary/datagram-transport-layer-security-dtls">"f5 Datagram Transport Layer Security (DTLS)"</a>. <a href="/wiki/F5_Networks" class="mw-redirect" title="F5 Networks">f5 Networks</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20221129041024/https://www.f5.com/glossary/datagram-transport-layer-security-dtls">Archived</a> from the original on 2022-11-29. Retrieved 2022-11-29.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=f5+Datagram+Transport+Layer+Security+%28DTLS%29&rft.pub=f5+Networks&rft_id=https%3A%2F%2Ff5.com%2Fglossary%2Fdatagram-transport-layer-security-dtls&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-18"><a href="#cite_ref-18">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://docs.citrix.com/en-us/netscaler/11/traffic-management/ssl/config-ssloffloading/config-dtls-vserver.html">"Configuring a DTLS Virtual Server"</a>. <a href="/wiki/Citrix_Systems" title="Citrix Systems">Citrix Systems</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20161221020000/http://docs.citrix.com/en-us/netscaler/11/traffic-management/ssl/config-ssloffloading/config-dtls-vserver.html">Archived</a> from the original on 2016-12-21. Retrieved 2022-11-29.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Configuring+a+DTLS+Virtual+Server&rft.pub=Citrix+Systems&rft_id=http%3A%2F%2Fdocs.citrix.com%2Fen-us%2Fnetscaler%2F11%2Ftraffic-management%2Fssl%2Fconfig-ssloffloading%2Fconfig-dtls-vserver.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-19"><a href="#cite_ref-19">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20130511043959/https://sites.google.com/site/webrtc/interop">"WebRTC Interop Notes"</a>. Archived from <a rel="nofollow" class="external text" href="https://sites.google.com/site/webrtc/interop">the original</a> on 2013-05-11.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=WebRTC+Interop+Notes&rft_id=https%3A%2F%2Fsites.google.com%2Fsite%2Fwebrtc%2Finterop&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-tls-deprecation-20">^ <a href="#cite_ref-tls-deprecation_20-0">a</a> <a href="#cite_ref-tls-deprecation_20-1">b</a> <a href="#cite_ref-tls-deprecation_20-2">c</a> <a href="#cite_ref-tls-deprecation_20-3">d</a> <a href="#cite_ref-tls-deprecation_20-4">e</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBright2018" class="citation web cs1">Bright, Peter (17 October 2018). <a rel="nofollow" class="external text" href="https://arstechnica.com/gadgets/2018/10/browser-vendors-unite-to-end-support-for-20-year-old-tls-1-0">"Apple, Google, Microsoft, and Mozilla come together to end TLS 1.0"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20181017000107/https://arstechnica.com/gadgets/2018/10/browser-vendors-unite-to-end-support-for-20-year-old-tls-1-0/">Archived</a> from the original on 17 October 2018. Retrieved 17 October 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Apple%2C+Google%2C+Microsoft%2C+and+Mozilla+come+together+to+end+TLS+1.0&rft.date=2018-10-17&rft.aulast=Bright&rft.aufirst=Peter&rft_id=https%3A%2F%2Farstechnica.com%2Fgadgets%2F2018%2F10%2Fbrowser-vendors-unite-to-end-support-for-20-year-old-tls-1-0&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-:3-21">^ <a href="#cite_ref-:3_21-0">a</a> <a href="#cite_ref-:3_21-1">b</a> <a href="#cite_ref-:3_21-2">c</a> <a href="#cite_ref-:3_21-3">d</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ghacks.net/2020/03/10/here-is-what-is-new-and-changed-in-firefox-74-0-stable">"Here is what is new and changed in Firefox 74.0 Stable – gHacks Tech News"</a>. www.ghacks.net. 10 March 2020. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200311120434/https://www.ghacks.net/2020/03/10/here-is-what-is-new-and-changed-in-firefox-74-0-stable/">Archived</a> from the original on 2020-03-11. Retrieved 2020-03-10.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.ghacks.net&rft.atitle=Here+is+what+is+new+and+changed+in+Firefox+74.0+Stable+%E2%80%93+gHacks+Tech+News&rft.date=2020-03-10&rft_id=https%3A%2F%2Fwww.ghacks.net%2F2020%2F03%2F10%2Fhere-is-what-is-new-and-changed-in-firefox-74-0-stable&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-:4-22">^ <a href="#cite_ref-:4_22-0">a</a> <a href="#cite_ref-:4_22-1">b</a> <a href="#cite_ref-:4_22-2">c</a> <a href="#cite_ref-:4_22-3">d</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://chromestatus.com/feature/5759116003770368">"TLS 1.0 and TLS 1.1 – Chrome Platform Status"</a>. chromestatus.com. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20230707094450/https://chromestatus.com/feature/5759116003770368">Archived</a> from the original on 2023-07-07. Retrieved 2020-03-10.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=chromestatus.com&rft.atitle=TLS+1.0+and+TLS+1.1+%E2%80%93+Chrome+Platform+Status&rft_id=https%3A%2F%2Fchromestatus.com%2Ffeature%2F5759116003770368&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-rfc5246-23">^ <a href="#cite_ref-rfc5246_23-0">a</a> <a href="#cite_ref-rfc5246_23-1">b</a> <a href="#cite_ref-rfc5246_23-2">c</a> <a href="#cite_ref-rfc5246_23-3">d</a> <a href="#cite_ref-rfc5246_23-4">e</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFT._DierksE._Rescorla2008" class="citation cs1">T. Dierks; E. Rescorla (August 2008). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5246">The Transport Layer Security (TLS) Protocol Version 1.2</a>. <a href="/wiki/IETF" class="mw-redirect" title="IETF">IETF</a> TLS workgroup. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC5246">10.17487/RFC5246</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5246">5246</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=The+Transport+Layer+Security+%28TLS%29+Protocol+Version+1.2&rft.pub=IETF+TLS+workgroup&rft.date=2008-08&rft_id=info%3Adoi%2F10.17487%2FRFC5246&rft.au=T.+Dierks&rft.au=E.+Rescorla&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc5246&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> Obsolete. Obsoleted by <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8446">8446</a>; obsoletes <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3268">3268</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4346">4346</a> and <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4366">4366</a>; updates <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4492">4492</a>. </li> <li id="cite_note-ncsc-24">^ <a href="#cite_ref-ncsc_24-0">a</a> <a href="#cite_ref-ncsc_24-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ncsc.gov.uk/guidance/using-tls-to-protect-data">"Using TLS to protect data"</a>. www.ncsc.gov.uk. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210721072543/http://ncsc.gov.uk/guidance/using-tls-to-protect-data">Archived</a> from the original on July 21, 2021. Retrieved August 24, 2022.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=www.ncsc.gov.uk&rft.atitle=Using+TLS+to+protect+data&rft_id=https%3A%2F%2Fwww.ncsc.gov.uk%2Fguidance%2Fusing-tls-to-protect-data&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-25"><a href="#cite_ref-25">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ietf.org/blog/tls13-adoption">"TLS 1.3: One Year Later"</a>. IETF. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200708030455/https://www.ietf.org/blog/tls13-adoption">Archived</a> from the original on July 8, 2020. Retrieved August 24, 2022.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=IETF&rft.atitle=TLS+1.3%3A+One+Year+Later&rft_id=https%3A%2F%2Fwww.ietf.org%2Fblog%2Ftls13-adoption&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-26"><a href="#cite_ref-26">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.circleid.com/posts/20190124_creating_tls_the_pioneering_role_of_ruth_nelson">"Creating TLS: The Pioneering Role of Ruth Nelson"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200624123447/http://www.circleid.com/posts/20190124_creating_tls_the_pioneering_role_of_ruth_nelson/">Archived</a> from the original on 2020-06-24. Retrieved 2020-07-04.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Creating+TLS%3A+The+Pioneering+Role+of+Ruth+Nelson&rft_id=https%3A%2F%2Fwww.circleid.com%2Fposts%2F20190124_creating_tls_the_pioneering_role_of_ruth_nelson&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-Woo94-27"><a href="#cite_ref-Woo94_27-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWooBindignavleSuLam1994" class="citation conference cs1">Woo, Thomas Y. C.; Bindignavle, Raghuram; Su, Shaowen; <a href="/wiki/Simon_S._Lam" title="Simon S. Lam">Lam, Simon S.</a> (June 1994). <a rel="nofollow" class="external text" href="http://www.cs.utexas.edu/users/lam/Vita/Cpapers/WBSL94.pdf">SNP: An interface for secure network programming</a> (PDF). Proceedings USENIX Summer Technical Conference. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141212000043/http://www.cs.utexas.edu/users/lam/Vita/Cpapers/WBSL94.pdf">Archived</a> (PDF) from the original on 2014-12-12. Retrieved 2023-07-05.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.btitle=SNP%3A+An+interface+for+secure+network+programming&rft.date=1994-06&rft.aulast=Woo&rft.aufirst=Thomas+Y.+C.&rft.au=Bindignavle%2C+Raghuram&rft.au=Su%2C+Shaowen&rft.au=Lam%2C+Simon+S.&rft_id=http%3A%2F%2Fwww.cs.utexas.edu%2Fusers%2Flam%2FVita%2FCpapers%2FWBSL94.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-28"><a href="#cite_ref-28">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.usenix.org/legacy/publications/library/proceedings/bos94/">"1994 USENIX Summer Technical Conference Program, Boston, 6–10 June 1994"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20231006204601/https://www.usenix.org/legacy/publications/library/proceedings/bos94/">Archived</a> from the original on 6 October 2023. Retrieved 21 January 2024.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=1994+USENIX+Summer+Technical+Conference+Program%2C+Boston%2C+6%E2%80%9310+June+1994&rft_id=https%3A%2F%2Fwww.usenix.org%2Flegacy%2Fpublications%2Flibrary%2Fproceedings%2Fbos94%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-29"><a href="#cite_ref-29">^</a> <a href="/wiki/Simon_S._Lam" title="Simon S. Lam">Simon S. Lam</a> (PI/PD), "Applying a Theory of Modules and Interfaces to Security Verification," NSA INFOSEC University Research Program grant no. MDA 904-91-C-7046, 6/28/91 to 6/27/93. </li> <li id="cite_note-30"><a href="#cite_ref-30">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://awards.acm.org/award_winners/lam_1287606.cfm">"2004 ACM Software System Award citation"</a>. <a href="/wiki/Association_for_Computing_Machinery" title="Association for Computing Machinery">ACM</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130617014921/http://awards.acm.org/award_winners/lam_1287606.cfm">Archived</a> from the original on 17 June 2013. Retrieved 25 July 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=2004+ACM+Software+System+Award+citation&rft.pub=ACM&rft_id=https%3A%2F%2Fawards.acm.org%2Faward_winners%2Flam_1287606.cfm&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-31"><a href="#cite_ref-31">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.cs.utexas.edu/~lam/Awards/SoftwareSystemAward/ACM%20Press%20Release,%20March%2015,%202005.htm">"ACM Press Release, March 15, 2005"</a>. <a href="/wiki/Association_for_Computing_Machinery" title="Association for Computing Machinery">ACM</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160110063723/http://www.cs.utexas.edu/~lam/Awards/SoftwareSystemAward/ACM%20Press%20Release,%20March%2015,%202005.htm">Archived</a> from the original on 10 January 2016. Retrieved 25 July 2012.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=ACM+Press+Release%2C+March+15%2C+2005&rft.pub=ACM&rft_id=https%3A%2F%2Fwww.cs.utexas.edu%2F~lam%2FAwards%2FSoftwareSystemAward%2FACM%2520Press%2520Release%2C%2520March%252015%2C%25202005.htm&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-32"><a href="#cite_ref-32">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.internethalloffame.org/inductee/simon-s-lam">"Internet Hall of Fame inductee Simon S. Lam"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240206211215/https://www.internethalloffame.org/inductee/simon-s-lam/">Archived</a> from the original on 6 February 2024. Retrieved 3 Mar 2024.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Internet+Hall+of+Fame+inductee+Simon+S.+Lam&rft_id=https%3A%2F%2Fwww.internethalloffame.org%2Finductee%2Fsimon-s-lam&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-33"><a href="#cite_ref-33">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://cns.utexas.edu/news/accolades/computer-scientist-inducted-internet-hall-fame">"Computer Scientist Inducted into Internet Hall of Fame"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240308192655/https://cns.utexas.edu/news/accolades/computer-scientist-inducted-internet-hall-fame">Archived</a> from the original on 8 March 2024. Retrieved 3 Mar 2024.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Computer+Scientist+Inducted+into+Internet+Hall+of+Fame&rft_id=https%3A%2F%2Fcns.utexas.edu%2Fnews%2Faccolades%2Fcomputer-scientist-inducted-internet-hall-fame&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-Messmer-34"><a href="#cite_ref-Messmer_34-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMessmer" class="citation news cs1">Messmer, Ellen. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140531105537/http://www.networkworld.com/news/2012/120412-elgamal-264739.html">"Father of SSL, Dr. Taher Elgamal, Finds Fast-Moving IT Projects in the Middle East"</a>. Network World. Archived from <a rel="nofollow" class="external text" href="http://www.networkworld.com/news/2012/120412-elgamal-264739.html">the original</a> on 31 May 2014. Retrieved 30 May 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Network+World&rft.atitle=Father+of+SSL%2C+Dr.+Taher+Elgamal%2C+Finds+Fast-Moving+IT+Projects+in+the+Middle+East&rft.aulast=Messmer&rft.aufirst=Ellen&rft_id=http%3A%2F%2Fwww.networkworld.com%2Fnews%2F2012%2F120412-elgamal-264739.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-Greene-35"><a href="#cite_ref-Greene_35-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGreene" class="citation news cs1">Greene, Tim. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140531105257/http://www.networkworld.com/news/2011/101111-elgamal-251806.html">"Father of SSL says despite attacks, the security linchpin has lots of life left"</a>. Network World. Archived from <a rel="nofollow" class="external text" href="http://www.networkworld.com/news/2011/101111-elgamal-251806.html">the original</a> on 31 May 2014. Retrieved 30 May 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Network+World&rft.atitle=Father+of+SSL+says+despite+attacks%2C+the+security+linchpin+has+lots+of+life+left&rft.aulast=Greene&rft.aufirst=Tim&rft_id=http%3A%2F%2Fwww.networkworld.com%2Fnews%2F2011%2F101111-elgamal-251806.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-Oppliger-36">^ <a href="#cite_ref-Oppliger_36-0">a</a> <a href="#cite_ref-Oppliger_36-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFOppliger2016" class="citation book cs1">Oppliger, Rolf (2016). <a rel="nofollow" class="external text" href="https://books.google.com/books?id=jm6uDgAAQBAJ&pg=PA15">"Introduction"</a>. SSL and TLS: Theory and Practice (2nd ed.). <a href="/wiki/Artech_House" title="Artech House">Artech House</a>. p. 13. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-60807-999-5" title="Special:BookSources/978-1-60807-999-5"><bdi>978-1-60807-999-5</bdi></a>. Retrieved 2018-03-01 – via Google Books.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Introduction&rft.btitle=SSL+and+TLS%3A+Theory+and+Practice&rft.pages=13&rft.edition=2nd&rft.pub=Artech+House&rft.date=2016&rft.isbn=978-1-60807-999-5&rft.aulast=Oppliger&rft.aufirst=Rolf&rft_id=https%3A%2F%2Fbooks.google.com%2Fbooks%3Fid%3Djm6uDgAAQBAJ%26pg%3DPA15&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-37"><a href="#cite_ref-37">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/19970614020952/http://home.netscape.com/newsref/std/SSL.html">"THE SSL PROTOCOL"</a>. Netscape Corporation. 2007. Archived from <a rel="nofollow" class="external text" href="http://home.netscape.com/newsref/std/SSL.html">the original</a> on 14 June 1997.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=THE+SSL+PROTOCOL&rft.pub=Netscape+Corporation&rft.date=2007&rft_id=http%3A%2F%2Fhome.netscape.com%2Fnewsref%2Fstd%2FSSL.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-38"><a href="#cite_ref-38">^</a> <a href="#CITEREFRescorla2001">Rescorla 2001</a> </li> <li id="cite_note-Poodle-39"><a href="#cite_ref-Poodle_39-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://access.redhat.com/articles/1232123">"POODLE: SSLv3 vulnerability (CVE-2014-3566)"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141205124712/https://access.redhat.com/articles/1232123">Archived</a> from the original on 5 December 2014. Retrieved 21 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=POODLE%3A+SSLv3+vulnerability+%28CVE-2014-3566%29&rft_id=https%3A%2F%2Faccess.redhat.com%2Farticles%2F1232123&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-40"><a href="#cite_ref-40">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html">"Security Standards and Name Changes in the Browser Wars"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200229221707/http://tim.dierks.org/2014/05/security-standards-and-name-changes-in.html">Archived</a> from the original on 2020-02-29. Retrieved 2020-02-29.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Security+Standards+and+Name+Changes+in+the+Browser+Wars&rft_id=http%3A%2F%2Ftim.dierks.org%2F2014%2F05%2Fsecurity-standards-and-name-changes-in.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-41"><a href="#cite_ref-41">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLaura_K._Gray2015" class="citation web cs1">Laura K. Gray (2015-12-18). <a rel="nofollow" class="external text" href="https://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls">"Date Change for Migrating from SSL and Early TLS"</a>. <a href="/wiki/Payment_Card_Industry_Security_Standards_Council" title="Payment Card Industry Security Standards Council">Payment Card Industry Security Standards Council</a> blog. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20151220190802/http://blog.pcisecuritystandards.org/migrating-from-ssl-and-early-tls">Archived</a> from the original on 2015-12-20. Retrieved 2018-04-05.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Payment+Card+Industry+Security+Standards+Council+blog&rft.atitle=Date+Change+for+Migrating+from+SSL+and+Early+TLS&rft.date=2015-12-18&rft.au=Laura+K.+Gray&rft_id=https%3A%2F%2Fblog.pcisecuritystandards.org%2Fmigrating-from-ssl-and-early-tls&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-42"><a href="#cite_ref-42">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.forbes.com/sites/thesba/2018/05/30/changes-to-pci-compliance-are-coming-june-30-is-your-ecommerce-business-ready">"Changes to PCI Compliance are Coming June 30. Is Your Ecommerce Business Ready?"</a>. Forbes. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180621020422/https://www.forbes.com/sites/thesba/2018/05/30/changes-to-pci-compliance-are-coming-june-30-is-your-ecommerce-business-ready/">Archived</a> from the original on 2018-06-21. Retrieved 2018-06-20.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Forbes&rft.atitle=Changes+to+PCI+Compliance+are+Coming+June+30.+Is+Your+Ecommerce+Business+Ready%3F&rft_id=https%3A%2F%2Fwww.forbes.com%2Fsites%2Fthesba%2F2018%2F05%2F30%2Fchanges-to-pci-compliance-are-coming-june-30-is-your-ecommerce-business-ready&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-rfc4346-43"><a href="#cite_ref-rfc4346_43-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFT._DierksE._Rescorla2006" class="citation cs1">T. Dierks; E. Rescorla (April 2006). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4346">The Transport Layer Security (TLS) Protocol Version 1.1</a>. <a href="/wiki/IETF" class="mw-redirect" title="IETF">IETF</a> TLS workgroup. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC4346">10.17487/RFC4346</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4346">4346</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=The+Transport+Layer+Security+%28TLS%29+Protocol+Version+1.1&rft.pub=IETF+TLS+workgroup&rft.date=2006-04&rft_id=info%3Adoi%2F10.17487%2FRFC4346&rft.au=T.+Dierks&rft.au=E.+Rescorla&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc4346&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> Historic. Obsoleted by <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5246">5246</a>. Obsoletes <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222">RFC <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2246">2246</a>. </li> <li id="cite_note-urlnvlpubs.nist.gov-44">^ <a href="#cite_ref-urlnvlpubs.nist.gov_44-0">a</a> <a href="#cite_ref-urlnvlpubs.nist.gov_44-1">b</a> <a href="#cite_ref-urlnvlpubs.nist.gov_44-2">c</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4">"Transport Layer Security Parameters – Cipher Suites"</a>. Internet Assigned Numbers Authority (IANA). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20161221223613/http://www.iana.org/assignments/tls-parameters/tls-parameters.xhtml#tls-parameters-4">Archived</a> from the original on 2016-12-21. Retrieved 2022-12-16.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Internet+Assigned+Numbers+Authority+%28IANA%29&rft.atitle=Transport+Layer+Security+Parameters+%E2%80%93+Cipher+Suites&rft_id=https%3A%2F%2Fwww.iana.org%2Fassignments%2Ftls-parameters%2Ftls-parameters.xhtml%23tls-parameters-4&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-45"><a href="#cite_ref-45">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMackie" class="citation web cs1">Mackie, Kurt. <a rel="nofollow" class="external text" href="https://mcpmag.com/articles/2020/04/02/microsoft-tls-1-0-and-1-1.aspx">"Microsoft Delays End of Support for TLS 1.0 and 1.1 -"</a>. Microsoft Certified Professional Magazine Online. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210614004948/https://mcpmag.com/articles/2020/04/02/microsoft-tls-1-0-and-1-1.aspx">Archived</a> from the original on 2021-06-14. Retrieved 2021-06-14.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft+Certified+Professional+Magazine+Online&rft.atitle=Microsoft+Delays+End+of+Support+for+TLS+1.0+and+1.1+-&rft.aulast=Mackie&rft.aufirst=Kurt&rft_id=https%3A%2F%2Fmcpmag.com%2Farticles%2F2020%2F04%2F02%2Fmicrosoft-tls-1-0-and-1-1.aspx&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-46"><a href="#cite_ref-46">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://answers.psionline.com/knowledgebase/tls-1-2-faq">"TLS 1.2 FAQ – Knowledge Base"</a>. Answers.psionline.com. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220220051112/https://answers.psionline.com/knowledgebase/tls-1-2-faq/">Archived</a> from the original on 20 February 2022. Retrieved 20 February 2022.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Answers.psionline.com&rft.atitle=TLS+1.2+FAQ+%E2%80%93+Knowledge+Base&rft_id=https%3A%2F%2Fanswers.psionline.com%2Fknowledgebase%2Ftls-1-2-faq&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-WolfSSL,_2019-47"><a href="#cite_ref-WolfSSL,_2019_47-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20190919000200/https://www.wolfssl.com/differences-between-tls-12-and-tls-13-9">"Differences between TLS 1.2 and TLS 1.3 (#TLS13)"</a>. WolfSSL. 2019-09-18. Archived from <a rel="nofollow" class="external text" href="https://www.wolfssl.com/differences-between-tls-12-and-tls-13-9">the original</a> on 2019-09-19. Retrieved 2019-09-18.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=WolfSSL&rft.atitle=Differences+between+TLS+1.2+and+TLS+1.3+%28%23TLS13%29&rft.date=2019-09-18&rft_id=https%3A%2F%2Fwww.wolfssl.com%2Fdifferences-between-tls-12-and-tls-13-9&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-48"><a href="#cite_ref-48">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://datatracker.ietf.org/meeting/116/materials/slides-116-tls-null-encryption-and-key-exchange-without-forward-secrecy-are-discouraged-00">"Archived copy"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20240317154304/https://datatracker.ietf.org/meeting/116/materials/slides-116-tls-null-encryption-and-key-exchange-without-forward-secrecy-are-discouraged-00">Archived</a> from the original on 2024-03-17. Retrieved 2024-03-17.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Archived+copy&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fmeeting%2F116%2Fmaterials%2Fslides-116-tls-null-encryption-and-key-exchange-without-forward-secrecy-are-discouraged-00&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"><code class="cs1-code">{{<a href="/wiki/Template:Cite_web" title="Template:Cite web">cite web</a>}}</code>: CS1 maint: archived copy as title (<a href="/wiki/Category:CS1_maint:_archived_copy_as_title" title="Category:CS1 maint: archived copy as title">link</a>) </li> <li id="cite_note-NSS-3.29-49"><a href="#cite_ref-NSS-3.29_49-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29_release_notes">"NSS 3.29 release notes"</a>. Mozilla Developer Network. February 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170222052829/https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/NSS_3.29_release_notes">Archived</a> from the original on 2017-02-22.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NSS+3.29+release+notes&rft.pub=Mozilla+Developer+Network&rft.date=2017-02&rft_id=https%3A%2F%2Fdeveloper.mozilla.org%2Fen-US%2Fdocs%2FMozilla%2FProjects%2FNSS%2FNSS_3.29_release_notes&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-50"><a href="#cite_ref-50">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://bugzilla.mozilla.org/show_bug.cgi?id=1310516">"Enable TLS 1.3 by default"</a>. Bugzilla@Mozilla. 16 October 2016. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180812021410/https://bugzilla.mozilla.org/show_bug.cgi?id=1310516">Archived</a> from the original on 12 August 2018. Retrieved 10 October 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Enable+TLS+1.3+by+default&rft.pub=Bugzilla%40Mozilla&rft.date=2016-10-16&rft_id=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid%3D1310516&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-51"><a href="#cite_ref-51">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.mozilla.org/en-US/firefox/60.0/releasenotes">"Firefox — Notes (60.0)"</a>. Mozilla. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180509230339/https://www.mozilla.org/en-US/firefox/60.0/releasenotes/">Archived</a> from the original on 2018-05-09. Retrieved 2018-05-10.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Mozilla&rft.atitle=Firefox+%E2%80%94+Notes+%2860.0%29&rft_id=https%3A%2F%2Fwww.mozilla.org%2Fen-US%2Ffirefox%2F60.0%2Freleasenotes&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-52"><a href="#cite_ref-52">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://bluecoat.force.com/knowledgebase/articles/Technical_Alert/000032878">"ProxySG, ASG and WSS will interrupt SSL connections when clients using TLS 1.3 access sites also using TLS 1.3"</a>. BlueTouch Online. 16 May 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170912061432/http://bluecoat.force.com/knowledgebase/articles/Technical_Alert/000032878">Archived</a> from the original on 12 September 2017. Retrieved 11 September 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=BlueTouch+Online&rft.atitle=ProxySG%2C+ASG+and+WSS+will+interrupt+SSL+connections+when+clients+using+TLS+1.3+access+sites+also+using+TLS+1.3&rft.date=2017-05-16&rft_id=http%3A%2F%2Fbluecoat.force.com%2Fknowledgebase%2Farticles%2FTechnical_Alert%2F000032878&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-53"><a href="#cite_ref-53">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSullivan2017" class="citation web cs1">Sullivan, Nick (2017-12-26). <a rel="nofollow" class="external text" href="https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/">"Why TLS 1.3 isn't in browsers yet"</a>. The Cloudflare Blog. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20171226210134/https://blog.cloudflare.com/why-tls-1-3-isnt-in-browsers-yet/">Archived</a> from the original on 2017-12-26. Retrieved 2020-03-14.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Cloudflare+Blog&rft.atitle=Why+TLS+1.3+isn%27t+in+browsers+yet&rft.date=2017-12-26&rft.aulast=Sullivan&rft.aufirst=Nick&rft_id=https%3A%2F%2Fblog.cloudflare.com%2Fwhy-tls-1-3-isnt-in-browsers-yet%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-Thomson-54">^ <a href="#cite_ref-Thomson_54-0">a</a> <a href="#cite_ref-Thomson_54-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFThomsonPauly2021" class="citation cs1">Thomson, Martin; Pauly, Tommy (December 2021). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9170">Long-Term Viability of Protocol Extension Mechanisms</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC9170">10.17487/RFC9170</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9170">9170</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Long-Term+Viability+of+Protocol+Extension+Mechanisms&rft.date=2021-12&rft_id=info%3Adoi%2F10.17487%2FRFC9170&rft.aulast=Thomson&rft.aufirst=Martin&rft.au=Pauly%2C+Tommy&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc9170&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-55"><a href="#cite_ref-55">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20180115220635/https://datatracker.ietf.org/meeting/100/materials/slides-100-hackathon-sessa-tls-13">"TLS 1.3 IETF 100 Hackathon"</a>. Archived from <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/meeting/100/materials/slides-100-hackathon-sessa-tls-13">the original</a> on 2018-01-15.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=TLS+1.3+IETF+100+Hackathon&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fmeeting%2F100%2Fmaterials%2Fslides-100-hackathon-sessa-tls-13&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-ietf-hackathon-56">^ <a href="#cite_ref-ietf-hackathon_56-0">a</a> <a href="#cite_ref-ietf-hackathon_56-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIETF_–_Internet_Engineering_Task_Force2017" class="citation cs2">IETF – Internet Engineering Task Force (2017-11-12), <a rel="nofollow" class="external text" href="https://ghostarchive.org/varchive/youtube/20211028/33XW5yzjtME">IETF Hackathon Presentations and Awards</a>, archived from <a rel="nofollow" class="external text" href="https://www.youtube.com/watch?v=33XW5yzjtME&t=2338">the original</a> on 2021-10-28, retrieved 2017-11-14</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=IETF+Hackathon+Presentations+and+Awards&rft.date=2017-11-12&rft.au=IETF+%E2%80%93+Internet+Engineering+Task+Force&rft_id=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3D33XW5yzjtME%26t%3D2338&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-57"><a href="#cite_ref-57">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2018/03/27/with_tls_13_signed_off_its_implementation_time">"Hurrah! TLS 1.3 is here. Now to implement it and put it into software"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180327213242/https://www.theregister.co.uk/2018/03/27/with_tls_13_signed_off_its_implementation_time/">Archived</a> from the original on 2018-03-27. Retrieved 2018-03-28.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.atitle=Hurrah%21+TLS+1.3+is+here.+Now+to+implement+it+and+put+it+into+software&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2018%2F03%2F27%2Fwith_tls_13_signed_off_its_implementation_time&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-58"><a href="#cite_ref-58">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIETF_–_Internet_Engineering_Task_Force2018" class="citation cs2">IETF – Internet Engineering Task Force (2018-07-15), <a rel="nofollow" class="external text" href="https://ghostarchive.org/varchive/youtube/20211028/u6rz4PWA_As">IETF102-HACKATHON-20180715-1400</a>, archived from <a rel="nofollow" class="external text" href="https://www.youtube.com/watch?v=u6rz4PWA_As&t=4526">the original</a> on 2021-10-28, retrieved 2018-07-18</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=IETF102-HACKATHON-20180715-1400&rft.date=2018-07-15&rft.au=IETF+%E2%80%93+Internet+Engineering+Task+Force&rft_id=https%3A%2F%2Fwww.youtube.com%2Fwatch%3Fv%3Du6rz4PWA_As%26t%3D4526&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-59"><a href="#cite_ref-59">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.wolfssl.com/wolfssl-tls-1-3-beta-release-now-available">"wolfSSL TLS 1.3 BETA Release Now Available"</a>. info@wolfssl.com. 11 May 2017. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180709065543/https://www.wolfssl.com/wolfssl-tls-1-3-beta-release-now-available/">Archived</a> from the original on 9 July 2018. Retrieved 11 May 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=wolfSSL+TLS+1.3+BETA+Release+Now+Available&rft.pub=info%40wolfssl.com&rft.date=2017-05-11&rft_id=https%3A%2F%2Fwww.wolfssl.com%2Fwolfssl-tls-1-3-beta-release-now-available&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-60"><a href="#cite_ref-60">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.wolfssl.com/docs/tls13">"TLS 1.3 PROTOCOL SUPPORT"</a>. info@wolfssl.com. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180709065545/https://www.wolfssl.com/docs/tls13/">Archived</a> from the original on 2018-07-09. Retrieved 2018-07-09.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=TLS+1.3+PROTOCOL+SUPPORT&rft.pub=info%40wolfssl.com&rft_id=https%3A%2F%2Fwww.wolfssl.com%2Fdocs%2Ftls13&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-61"><a href="#cite_ref-61">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.wolfssl.com/tls-1-3-draft-28-support-wolfssl">"TLS 1.3 Draft 28 Support in wolfSSL"</a>. info@wolfssl.com. 14 June 2018. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180709065545/https://www.wolfssl.com/tls-1-3-draft-28-support-wolfssl/">Archived</a> from the original on 9 July 2018. Retrieved 14 June 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=TLS+1.3+Draft+28+Support+in+wolfSSL&rft.pub=info%40wolfssl.com&rft.date=2018-06-14&rft_id=https%3A%2F%2Fwww.wolfssl.com%2Ftls-1-3-draft-28-support-wolfssl&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-62"><a href="#cite_ref-62">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://openssl-library.org/post/2018-09-11-release111/">"OpenSSL 1.1.1 Is Released"</a>. Matt Caswell. 11 Sep 2018. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20181208141108/https://www.openssl.org/blog/blog/2018/09/11/release111/">Archived</a> from the original on 8 December 2018. Retrieved 2024-10-11.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=OpenSSL+1.1.1+Is+Released&rft.pub=Matt+Caswell&rft.date=2018-09-11&rft_id=https%3A%2F%2Fopenssl-library.org%2Fpost%2F2018-09-11-release111%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-63"><a href="#cite_ref-63">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-">"Protocols in TLS/SSL (Schannel SSP)"</a>. Microsoft Docs. May 25, 2022. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20230125160351/https://learn.microsoft.com/en-us/windows/win32/secauthn/protocols-in-tls-ssl--schannel-ssp-">Archived</a> from the original on 25 January 2023. Retrieved 21 February 2023.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Microsoft+Docs&rft.atitle=Protocols+in+TLS%2FSSL+%28Schannel+SSP%29&rft.date=2022-05-25&rft_id=https%3A%2F%2Flearn.microsoft.com%2Fen-us%2Fwindows%2Fwin32%2Fsecauthn%2Fprotocols-in-tls-ssl--schannel-ssp-&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-:5-64">^ <a href="#cite_ref-:5_64-0">a</a> <a href="#cite_ref-:5_64-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHoffman-Andrews2019" class="citation web cs1">Hoffman-Andrews, Jacob (2019-02-26). <a rel="nofollow" class="external text" href="https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it">"ETS Isn't TLS and You Shouldn't Use It"</a>. <a href="/wiki/Electronic_Frontier_Foundation" title="Electronic Frontier Foundation">Electronic Frontier Foundation</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190226214559/https://www.eff.org/deeplinks/2019/02/ets-isnt-tls-and-you-shouldnt-use-it">Archived</a> from the original on 2019-02-26. Retrieved 2019-02-27.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Electronic+Frontier+Foundation&rft.atitle=ETS+Isn%27t+TLS+and+You+Shouldn%27t+Use+It&rft.date=2019-02-26&rft.aulast=Hoffman-Andrews&rft.aufirst=Jacob&rft_id=https%3A%2F%2Fwww.eff.org%2Fdeeplinks%2F2019%2F02%2Fets-isnt-tls-and-you-shouldnt-use-it&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-65"><a href="#cite_ref-65">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation book cs1"><a rel="nofollow" class="external text" href="https://www.etsi.org/deliver/etsi_ts/103500_103599/10352303/01.01.01_60/ts_10352303v010101p.pdf#page=5">TS 103 523-3 – V1.1.1 – CYBER; Middlebox Security Protocol; Part 3: Profile for enterprise network and data centre access control</a> (<a href="/wiki/PDF" title="PDF">PDF</a>). <a href="/wiki/ETSI" class="mw-redirect" title="ETSI">ETSI</a>.org. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20181114104718/https://www.etsi.org/deliver/etsi_ts/103500_103599/10352303/01.01.01_60/ts_10352303v010101p.pdf">Archived</a> (PDF) from the original on November 14, 2018.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=TS+103+523-3+%E2%80%93+V1.1.1+%E2%80%93+CYBER%3B+Middlebox+Security+Protocol%3B+Part+3%3A+Profile+for+enterprise+network+and+data+centre+access+control&rft.pub=ETSI.org&rft_id=https%3A%2F%2Fwww.etsi.org%2Fdeliver%2Fetsi_ts%2F103500_103599%2F10352303%2F01.01.01_60%2Fts_10352303v010101p.pdf%23page%3D5&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-66"><a href="#cite_ref-66">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCory_Doctorow2019" class="citation web cs1"><a href="/wiki/Cory_Doctorow" title="Cory Doctorow">Cory Doctorow</a> (February 26, 2019). <a rel="nofollow" class="external text" href="https://boingboing.net/2019/02/26/monumental-recklessness.html">"Monumental Recklessness"</a>. <a href="/wiki/Boing_Boing" title="Boing Boing">Boing Boing</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190227071044/http://boingboing.net/2019/02/26/monumental-recklessness.html">Archived</a> from the original on February 27, 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Boing+Boing&rft.atitle=Monumental+Recklessness&rft.date=2019-02-26&rft.au=Cory+Doctorow&rft_id=https%3A%2F%2Fboingboing.net%2F2019%2F02%2F26%2Fmonumental-recklessness.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-67"><a href="#cite_ref-67">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRea2013" class="citation web cs1">Rea, Scott (2013). <a rel="nofollow" class="external text" href="https://www.rsaconference.com/writable/presentations/file_upload/sec-t02_final.pdf">"Alternatives to Certification Authorities for a Secure Web"</a> (PDF). RSA Conference Asia Pacific. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20161007222635/https://www.rsaconference.com/writable/presentations/file_upload/sec-t02_final.pdf">Archived</a> (PDF) from the original on 7 October 2016. Retrieved 7 September 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Alternatives+to+Certification+Authorities+for+a+Secure+Web&rft.pub=RSA+Conference+Asia+Pacific&rft.date=2013&rft.aulast=Rea&rft.aufirst=Scott&rft_id=https%3A%2F%2Fwww.rsaconference.com%2Fwritable%2Fpresentations%2Ffile_upload%2Fsec-t02_final.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-68"><a href="#cite_ref-68">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20150516035536/http://news.netcraft.com/archives/2015/05/13/counting-ssl-certificates.html">"Counting SSL certificates"</a>. Archived from <a rel="nofollow" class="external text" href="https://news.netcraft.com/archives/2015/05/13/counting-ssl-certificates.html">the original</a> on 16 May 2015. Retrieved 20 February 2022.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Counting+SSL+certificates&rft_id=https%3A%2F%2Fnews.netcraft.com%2Farchives%2F2015%2F05%2F13%2Fcounting-ssl-certificates.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-69"><a href="#cite_ref-69">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRaymond2017" class="citation news cs1">Raymond, Art (3 August 2017). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180929171244/https://www.deseretnews.com/article/865686081/Lehis-DigiCert-swallows-web-security-competitor-in-1-billion-deal.html">"Lehi's DigiCert swallows web security competitor in $1 billion deal"</a>. Deseret News. Archived from <a rel="nofollow" class="external text" href="https://www.deseretnews.com/article/865686081/Lehis-DigiCert-swallows-web-security-competitor-in-1-billion-deal.html">the original</a> on 29 September 2018. Retrieved 21 May 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Deseret+News&rft.atitle=Lehi%27s+DigiCert+swallows+web+security+competitor+in+%241+billion+deal&rft.date=2017-08-03&rft.aulast=Raymond&rft.aufirst=Art&rft_id=https%3A%2F%2Fwww.deseretnews.com%2Farticle%2F865686081%2FLehis-DigiCert-swallows-web-security-competitor-in-1-billion-deal.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-70"><a href="#cite_ref-70">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://w3techs.com/technologies/history_overview/ssl_certificate">"Market share trends for SSL certificate authorities"</a>. W3Techs. Retrieved 21 May 2020.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=W3Techs&rft.atitle=Market+share+trends+for+SSL+certificate+authorities&rft_id=https%3A%2F%2Fw3techs.com%2Ftechnologies%2Fhistory_overview%2Fssl_certificate&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-71"><a href="#cite_ref-71">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRyan_Singel2010" class="citation magazine cs1"><a href="/wiki/Ryan_Singel" title="Ryan Singel">Ryan Singel</a> (March 24, 2010). <a rel="nofollow" class="external text" href="https://www.wired.com/threatlevel/2010/03/packet-forensics">"Law Enforcement Appliance Subverts SSL"</a>. <a href="/wiki/Wired_(magazine)" title="Wired (magazine)">wired</a>.com. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140412151324/http://www.wired.com/threatlevel/2010/03/packet-forensics">Archived</a> from the original on April 12, 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=wired.com&rft.atitle=Law+Enforcement+Appliance+Subverts+SSL&rft.date=2010-03-24&rft.au=Ryan+Singel&rft_id=https%3A%2F%2Fwww.wired.com%2Fthreatlevel%2F2010%2F03%2Fpacket-forensics&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-72"><a href="#cite_ref-72">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSeth_Schoen2010" class="citation web cs1"><a href="/wiki/Seth_Schoen" class="mw-redirect" title="Seth Schoen">Seth Schoen</a> (March 24, 2010). <a rel="nofollow" class="external text" href="https://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl">"New Research Suggests That Governments May Fake SSL Certificates"</a>. <a href="/wiki/Electronic_Frontier_Foundation" title="Electronic Frontier Foundation">EFF</a>.org. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20100325223422/http://www.eff.org/deeplinks/2010/03/researchers-reveal-likelihood-governments-fake-ssl">Archived</a> from the original on March 25, 2010.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=EFF.org&rft.atitle=New+Research+Suggests+That+Governments+May+Fake+SSL+Certificates&rft.date=2010-03-24&rft.au=Seth+Schoen&rft_id=https%3A%2F%2Fwww.eff.org%2Fdeeplinks%2F2010%2F03%2Fresearchers-reveal-likelihood-governments-fake-ssl&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-RFC4279-73"><a href="#cite_ref-RFC4279_73-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFP._Eronen,_Ed.2005" class="citation cs1">P. Eronen, Ed. (December 2005). Eronen, P; Tschofenig, H (eds.). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4279">Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)</a>. Internet Engineering Task Force. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC4279">10.17487/RFC4279</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4279">4279</a>. Retrieved 9 September 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Pre-Shared+Key+Ciphersuites+for+Transport+Layer+Security+%28TLS%29&rft.pub=Internet+Engineering+Task+Force&rft.date=2005-12&rft_id=info%3Adoi%2F10.17487%2FRFC4279&rft.au=P.+Eronen%2C+Ed.&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc4279&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-RFC5054-74"><a href="#cite_ref-RFC5054_74-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFD._Taylor,_Ed.2007" class="citation cs1">D. Taylor, Ed. (November 2007). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5054">Using the Secure Remote Password (SRP) Protocol for TLS Authentication</a>. Internet Engineering Task Force. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC5054">10.17487/RFC5054</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5054">5054</a>. Retrieved December 21, 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Using+the+Secure+Remote+Password+%28SRP%29+Protocol+for+TLS+Authentication&rft.pub=Internet+Engineering+Task+Force&rft.date=2007-11&rft_id=info%3Adoi%2F10.17487%2FRFC5054&rft.au=D.+Taylor%2C+Ed.&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc5054&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-75"><a href="#cite_ref-75">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGothard2013" class="citation web cs1">Gothard, Peter (31 July 2013). <a rel="nofollow" class="external text" href="http://www.computing.co.uk/ctg/news/2285984/google-updates-ssl-certificates-to-2048bit-encryption">"Google updates SSL certificates to 2048-bit encryption"</a>. Computing. Incisive Media. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130922082322/http://www.computing.co.uk/ctg/news/2285984/google-updates-ssl-certificates-to-2048bit-encryption">Archived</a> from the original on 22 September 2013. Retrieved 9 September 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Computing&rft.atitle=Google+updates+SSL+certificates+to+2048-bit+encryption&rft.date=2013-07-31&rft.aulast=Gothard&rft.aufirst=Peter&rft_id=http%3A%2F%2Fwww.computing.co.uk%2Fctg%2Fnews%2F2285984%2Fgoogle-updates-ssl-certificates-to-2048bit-encryption&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-76"><a href="#cite_ref-76">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="http://searchsecurity.techtarget.com/answer/From-1024-to-2048-bit-The-security-effect-of-encryption-key-length">"The value of 2,048-bit encryption: Why encryption key length matters"</a>. SearchSecurity. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20180116081141/http://searchsecurity.techtarget.com/answer/From-1024-to-2048-bit-The-security-effect-of-encryption-key-length">Archived</a> from the original on 2018-01-16. Retrieved 2017-12-18.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=SearchSecurity&rft.atitle=The+value+of+2%2C048-bit+encryption%3A+Why+encryption+key+length+matters&rft_id=http%3A%2F%2Fsearchsecurity.techtarget.com%2Fanswer%2FFrom-1024-to-2048-bit-The-security-effect-of-encryption-key-length&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-77"><a href="#cite_ref-77">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSean_Turner2015" class="citation web cs1">Sean Turner (September 17, 2015). <a rel="nofollow" class="external text" href="https://www.ietf.org/mail-archive/web/tls/current/msg17680.html">"Consensus: remove DSA from TLS 1.3"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20151003193113/http://www.ietf.org/mail-archive/web/tls/current/msg17680.html">Archived</a> from the original on October 3, 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Consensus%3A+remove+DSA+from+TLS+1.3&rft.date=2015-09-17&rft.au=Sean+Turner&rft_id=https%3A%2F%2Fwww.ietf.org%2Fmail-archive%2Fweb%2Ftls%2Fcurrent%2Fmsg17680.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-78"><a href="#cite_ref-78">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8422">8422</a> </li> <li id="cite_note-gostlink-79">^ <a href="#cite_ref-gostlink_79-0">a</a> <a href="#cite_ref-gostlink_79-1">b</a> <a href="#cite_ref-gostlink_79-2">c</a> <a href="#cite_ref-gostlink_79-3">d</a> <a href="#cite_ref-gostlink_79-4">e</a> <a href="#cite_ref-gostlink_79-5">f</a> <a href="#cite_ref-gostlink_79-6">g</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5830">5830</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6986">6986</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7091">7091</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7801">7801</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8891">8891</a> </li> <li id="cite_note-aes-gcm-84"><a href="#cite_ref-aes-gcm_84-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5288">5288</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5289">5289</a> </li> <li id="cite_note-aes-ccm-86"><a href="#cite_ref-aes-ccm_86-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6655">6655</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7251">7251</a> </li> <li id="cite_note-camellia-gcm-88"><a href="#cite_ref-camellia-gcm_88-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6367">6367</a> </li> <li id="cite_note-camellia-cbc-89"><a href="#cite_ref-camellia-cbc_89-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5932">5932</a>, <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6367">6367</a> </li> <li id="cite_note-aria-90">^ <a href="#cite_ref-aria_90-0">a</a> <a href="#cite_ref-aria_90-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6209">6209</a> </li> <li id="cite_note-seed-cbc-91"><a href="#cite_ref-seed-cbc_91-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4162">4162</a> </li> <li id="cite_note-Sweet32-92"><a href="#cite_ref-Sweet32_92-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://sweet32.info/SWEET32_CCS16.pdf">"On the Practical (In-)Security of 64-bit Block Ciphers — Collision Attacks on HTTP over TLS and OpenVPN"</a> (PDF). 2016-10-28. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170424021101/https://sweet32.info/SWEET32_CCS16.pdf">Archived</a> (PDF) from the original on 2017-04-24. Retrieved 2017-06-08.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=On+the+Practical+%28In-%29Security+of+64-bit+Block+Ciphers+%E2%80%94+Collision+Attacks+on+HTTP+over+TLS+and+OpenVPN&rft.date=2016-10-28&rft_id=https%3A%2F%2Fsweet32.info%2FSWEET32_CCS16.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-NIST_SP_800-57-94"><a href="#cite_ref-NIST_SP_800-57_94-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20140606050814/http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf">"NIST Special Publication 800-57 Recommendation for Key Management — Part 1: General (Revised)"</a> (PDF). 2007-03-08. Archived from <a rel="nofollow" class="external text" href="http://csrc.nist.gov/publications/nistpubs/800-57/sp800-57-Part1-revised2_Mar08-2007.pdf">the original</a> (PDF) on June 6, 2014. Retrieved 2014-07-03.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=NIST+Special+Publication+800-57+Recommendation+for+Key+Management+%E2%80%94+Part+1%3A+General+%28Revised%29&rft.date=2007-03-08&rft_id=http%3A%2F%2Fcsrc.nist.gov%2Fpublications%2Fnistpubs%2F800-57%2Fsp800-57-Part1-revised2_Mar08-2007.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-best-practices-95">^ <a href="#cite_ref-best-practices_95-0">a</a> <a href="#cite_ref-best-practices_95-1">b</a> <a href="#cite_ref-best-practices_95-2">c</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFQualys_SSL_Labs" class="citation web cs1">Qualys SSL Labs. <a rel="nofollow" class="external text" href="https://www.ssllabs.com/projects/best-practices/index.html">"SSL/TLS Deployment Best Practices"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150704101956/https://www.ssllabs.com/projects/best-practices/index.html">Archived</a> from the original on 4 July 2015. Retrieved 2 June 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SSL%2FTLS+Deployment+Best+Practices&rft.au=Qualys+SSL+Labs&rft_id=https%3A%2F%2Fwww.ssllabs.com%2Fprojects%2Fbest-practices%2Findex.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-97"><a href="#cite_ref-97">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5469">5469</a> </li> <li id="cite_note-chacha20poly1305-100"><a href="#cite_ref-chacha20poly1305_100-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7905">7905</a> </li> <li id="cite_note-103"><a href="#cite_ref-103">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.instantssl.com/ssl-certificate-products/https.html">"Http vs https"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150212105201/https://www.instantssl.com/ssl-certificate-products/https.html">Archived</a> from the original on 2015-02-12. Retrieved 2015-02-12.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Http+vs+https&rft_id=https%3A%2F%2Fwww.instantssl.com%2Fssl-certificate-products%2Fhttps.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-trustworthy_ssl_pulse-104">^ <a href="#cite_ref-trustworthy_ssl_pulse_104-0">a</a> <a href="#cite_ref-trustworthy_ssl_pulse_104-1">b</a> <a href="#cite_ref-trustworthy_ssl_pulse_104-2">c</a> <a href="#cite_ref-trustworthy_ssl_pulse_104-3">d</a> As of May 03, 2024. <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.ssllabs.com/ssl-pulse/">"SSL Pulse: Survey of the SSL Implementation of the Most Popular Websites"</a>. <a href="/wiki/Qualys" title="Qualys">Qualys</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20210308160353/https://web.archive.org/web/20171202155646/https://www.ssllabs.com/ssl-pulse/">Archived</a> from the original on 2021-03-08. Retrieved 2024-05-30.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Qualys&rft.atitle=SSL+Pulse%3A+Survey+of+the+SSL+Implementation+of+the+Most+Popular+Websites&rft_id=https%3A%2F%2Fwww.ssllabs.com%2Fssl-pulse%2F&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-community.qualys-105">^ <a href="#cite_ref-community.qualys_105-0">a</a> <a href="#cite_ref-community.qualys_105-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFivanr2013" class="citation web cs1">ivanr (19 March 2013). <a rel="nofollow" class="external text" href="https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what">"RC4 in TLS is Broken: Now What?"</a>. Qualsys Security Labs. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130827044512/https://community.qualys.com/blogs/securitylabs/2013/03/19/rc4-in-tls-is-broken-now-what">Archived</a> from the original on 2013-08-27. Retrieved 2013-07-30.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=RC4+in+TLS+is+Broken%3A+Now+What%3F&rft.pub=Qualsys+Security+Labs&rft.date=2013-03-19&rft.au=ivanr&rft_id=https%3A%2F%2Fcommunity.qualys.com%2Fblogs%2Fsecuritylabs%2F2013%2F03%2F19%2Frc4-in-tls-is-broken-now-what&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-poodle_pdf-106">^ <a href="#cite_ref-poodle_pdf_106-0">a</a> <a href="#cite_ref-poodle_pdf_106-1">b</a> <a href="#cite_ref-poodle_pdf_106-2">c</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBodo_Möller,_Thai_DuongKrzysztof_Kotowicz" class="citation web cs1">Bodo Möller, Thai Duong & Krzysztof Kotowicz. <a rel="nofollow" class="external text" href="https://www.openssl.org/~bodo/ssl-poodle.pdf">"This POODLE Bites: Exploiting The SSL 3.0 Fallback"</a> (PDF). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141014224443/https://www.openssl.org/~bodo/ssl-poodle.pdf">Archived</a> (PDF) from the original on 2014-10-14. Retrieved 2014-10-15.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=This+POODLE+Bites%3A+Exploiting+The+SSL+3.0+Fallback&rft.au=Bodo+M%C3%B6ller%2C+Thai+Duong&rft.au=Krzysztof+Kotowicz&rft_id=https%3A%2F%2Fwww.openssl.org%2F~bodo%2Fssl-poodle.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-109"><a href="#cite_ref-109">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blogs.windows.com/windowsexperience/2022/06/15/internet-explorer-11-has-retired-and-is-officially-out-of-support-what-you-need-to-know">"Internet Explorer 11 has retired and is officially out of support—what you need to know"</a>. June 15, 2022. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220615131949/https://blogs.windows.com/windowsexperience/2022/06/15/internet-explorer-11-has-retired-and-is-officially-out-of-support-what-you-need-to-know/">Archived</a> from the original on 2022-06-15. Retrieved 2022-06-15.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Internet+Explorer+11+has+retired+and+is+officially+out+of+support%E2%80%94what+you+need+to+know&rft.date=2022-06-15&rft_id=https%3A%2F%2Fblogs.windows.com%2Fwindowsexperience%2F2022%2F06%2F15%2Finternet-explorer-11-has-retired-and-is-officially-out-of-support-what-you-need-to-know&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-110"><a href="#cite_ref-110">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://docs.microsoft.com/lifecycle/announcements/internet-explorer-11-end-of-support-windows-10">"Internet Explorer 11 desktop app support ended for certain versions of Windows 10"</a>. Retrieved 2022-06-17.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Internet+Explorer+11+desktop+app+support+ended+for+certain+versions+of+Windows+10&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Flifecycle%2Fannouncements%2Finternet-explorer-11-end-of-support-windows-10&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-111"><a href="#cite_ref-111">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://docs.oracle.com/en/java/javase/17/security/java-secure-socket-extension-jsse-reference-guide.html">"Java Secure Socket Extension (JSSE) Reference Guide"</a>. Oracle Help Center. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220122070356/https://docs.oracle.com/en/java/javase/17/security/java-secure-socket-extension-jsse-reference-guide.html">Archived</a> from the original on 2022-01-22. Retrieved 2021-12-24.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Oracle+Help+Center&rft.atitle=Java+Secure+Socket+Extension+%28JSSE%29+Reference+Guide&rft_id=https%3A%2F%2Fdocs.oracle.com%2Fen%2Fjava%2Fjavase%2F17%2Fsecurity%2Fjava-secure-socket-extension-jsse-reference-guide.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-112"><a href="#cite_ref-112">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGeorgievIyengarJanaAnubhai2012" class="citation book cs1">Georgiev, Martin; Iyengar, Subodh; Jana, Suman; Anubhai, Rishita; Boneh, Dan; Shmatikov, Vitaly (2012). <a rel="nofollow" class="external text" href="http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf">The most dangerous code in the world: validating SSL certificates in non-browser software. Proceedings of the 2012 ACM conference on Computer and communications security</a> (PDF). Association for Computing Machinery. pp. 38–49. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4503-1651-4" title="Special:BookSources/978-1-4503-1651-4"><bdi>978-1-4503-1651-4</bdi></a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20171022194807/http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf">Archived</a> (PDF) from the original on 2017-10-22.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=The+most+dangerous+code+in+the+world%3A+validating+SSL+certificates+in+non-browser+software.+Proceedings+of+the+2012+ACM+conference+on+Computer+and+communications+security&rft.pages=38-49&rft.pub=Association+for+Computing+Machinery&rft.date=2012&rft.isbn=978-1-4503-1651-4&rft.aulast=Georgiev&rft.aufirst=Martin&rft.au=Iyengar%2C+Subodh&rft.au=Jana%2C+Suman&rft.au=Anubhai%2C+Rishita&rft.au=Boneh%2C+Dan&rft.au=Shmatikov%2C+Vitaly&rft_id=http%3A%2F%2Fwww.cs.utexas.edu%2F~shmat%2Fshmat_ccs12.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-113"><a href="#cite_ref-113">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAudet2009" class="citation cs1">Audet, F. (2009). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5630">The Use of the SIPS URI Scheme in the Session Initiation Protocol (SIP)</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC5630">10.17487/RFC5630</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5630">5630</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=The+Use+of+the+SIPS+URI+Scheme+in+the+Session+Initiation+Protocol+%28SIP%29&rft.date=2009&rft_id=info%3Adoi%2F10.17487%2FRFC5630&rft.aulast=Audet&rft.aufirst=F.&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc5630&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-114"><a href="#cite_ref-114">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFShefferHolzSaint-Andre2015" class="citation cs1">Sheffer, Y.; Holz, R.; Saint-Andre, P. (2015). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7457">Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC7457">10.17487/RFC7457</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7457">7457</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Summarizing+Known+Attacks+on+Transport+Layer+Security+%28TLS%29+and+Datagram+TLS+%28DTLS%29&rft.date=2015&rft_id=info%3Adoi%2F10.17487%2FRFC7457&rft.aulast=Sheffer&rft.aufirst=Y.&rft.au=Holz%2C+R.&rft.au=Saint-Andre%2C+P.&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc7457&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-115"><a href="#cite_ref-115">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">"CVE – CVE-2009-3555"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160104234608/http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555">Archived</a> from the original on 2016-01-04.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=CVE+%E2%80%93+CVE-2009-3555&rft_id=http%3A%2F%2Fcve.mitre.org%2Fcgi-bin%2Fcvename.cgi%3Fname%3DCVE-2009-3555&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-116"><a href="#cite_ref-116">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRescorla2009" class="citation web cs1">Rescorla, Eric (2009-11-05). <a rel="nofollow" class="external text" href="http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html">"Understanding the TLS Renegotiation Attack"</a>. Educated Guesswork. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120211120608/http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html">Archived</a> from the original on 2012-02-11. Retrieved 2009-11-27.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Educated+Guesswork&rft.atitle=Understanding+the+TLS+Renegotiation+Attack&rft.date=2009-11-05&rft.aulast=Rescorla&rft.aufirst=Eric&rft_id=http%3A%2F%2Fwww.educatedguesswork.org%2F2009%2F11%2Funderstanding_the_tls_renegoti.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-117"><a href="#cite_ref-117">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION">"SSL_CTX_set_options SECURE_RENEGOTIATION"</a>. OpenSSL Docs. 2010-02-25. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20101126121933/http://openssl.org/docs/ssl/SSL_CTX_set_options.html#SECURE_RENEGOTIATION">Archived</a> from the original on 2010-11-26. Retrieved 2010-11-18.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=OpenSSL+Docs&rft.atitle=SSL_CTX_set_options+SECURE_RENEGOTIATION&rft.date=2010-02-25&rft_id=https%3A%2F%2Fwww.openssl.org%2Fdocs%2Fssl%2FSSL_CTX_set_options.html%23SECURE_RENEGOTIATION&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-118"><a href="#cite_ref-118">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://article.gmane.org/gmane.network.gnutls.general/2046">"GnuTLS 2.10.0 released"</a>. GnuTLS release notes. 2010-06-25. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20151017033726/http://article.gmane.org/gmane.network.gnutls.general/2046">Archived</a> from the original on 2015-10-17. Retrieved 2011-07-24.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=GnuTLS+release+notes&rft.atitle=GnuTLS+2.10.0+released&rft.date=2010-06-25&rft_id=http%3A%2F%2Farticle.gmane.org%2Fgmane.network.gnutls.general%2F2046&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-119"><a href="#cite_ref-119">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20120306184633/https://developer.mozilla.org/NSS_3.12.6_release_notes">"NSS 3.12.6 release notes"</a>. NSS release notes. 2010-03-03. Archived from <a rel="nofollow" class="external text" href="https://developer.mozilla.org/NSS_3.12.6_release_notes">the original</a> on March 6, 2012. Retrieved 2011-07-24.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=NSS+release+notes&rft.atitle=NSS+3.12.6+release+notes&rft.date=2010-03-03&rft_id=https%3A%2F%2Fdeveloper.mozilla.org%2FNSS_3.12.6_release_notes&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-120"><a href="#cite_ref-120">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFA._LangleyN._ModaduguB._Moeller2010" class="citation journal cs1">A. Langley; N. Modadugu; B. Moeller (2010-06-02). <a rel="nofollow" class="external text" href="http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00">"Transport Layer Security (TLS) False Start"</a>. Internet Engineering Task Force. IETF. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130905215608/http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00">Archived</a> from the original on 2013-09-05. Retrieved 2013-07-31.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Internet+Engineering+Task+Force&rft.atitle=Transport+Layer+Security+%28TLS%29+False+Start&rft.date=2010-06-02&rft.au=A.+Langley&rft.au=N.+Modadugu&rft.au=B.+Moeller&rft_id=http%3A%2F%2Ftools.ietf.org%2Fhtml%2Fdraft-bmoeller-tls-falsestart-00&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-121"><a href="#cite_ref-121">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGruener" class="citation web cs1">Gruener, Wolfgang. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20101007061707/http://www.conceivablytech.com/3299/products/false-start-google-proposes-faster-web-chrome-supports-it-already">"False Start: Google Proposes Faster Web, Chrome Supports It Already"</a>. Archived from <a rel="nofollow" class="external text" href="http://www.conceivablytech.com/3299/products/false-start-google-proposes-faster-web-chrome-supports-it-already">the original</a> on 2010-10-07. Retrieved 2011-03-09.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=False+Start%3A+Google+Proposes+Faster+Web%2C+Chrome+Supports+It+Already&rft.aulast=Gruener&rft.aufirst=Wolfgang&rft_id=http%3A%2F%2Fwww.conceivablytech.com%2F3299%2Fproducts%2Ffalse-start-google-proposes-faster-web-chrome-supports-it-already&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-122"><a href="#cite_ref-122">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSmith" class="citation web cs1">Smith, Brian. <a rel="nofollow" class="external text" href="http://www.ietf.org/mail-archive/web/tls/current/msg06933.html">"Limited rollback attacks in False Start and Snap Start"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20110504014418/http://www.ietf.org/mail-archive/web/tls/current/msg06933.html">Archived</a> from the original on 2011-05-04. Retrieved 2011-03-09.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Limited+rollback+attacks+in+False+Start+and+Snap+Start&rft.aulast=Smith&rft.aufirst=Brian&rft_id=http%3A%2F%2Fwww.ietf.org%2Fmail-archive%2Fweb%2Ftls%2Fcurrent%2Fmsg06933.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-123"><a href="#cite_ref-123">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDimcev" class="citation web cs1">Dimcev, Adrian. <a rel="nofollow" class="external text" href="http://www.carbonwind.net/blog/post/Random-SSLTLS-101-False-Start.aspx">"False Start"</a>. Random SSL/TLS 101. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20110504060256/http://www.carbonwind.net/blog/post/Random-SSLTLS-101-False-Start.aspx">Archived</a> from the original on 2011-05-04. Retrieved 2011-03-09.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Random+SSL%2FTLS+101&rft.atitle=False+Start&rft.aulast=Dimcev&rft.aufirst=Adrian&rft_id=http%3A%2F%2Fwww.carbonwind.net%2Fblog%2Fpost%2FRandom-SSLTLS-101-False-Start.aspx&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-124"><a href="#cite_ref-124">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMavrogiannopoulos,_NikosVercautern,_FrederikVelichkov,_VesselinPreneel,_Bart2012" class="citation book cs1">Mavrogiannopoulos, Nikos; Vercautern, Frederik; Velichkov, Vesselin; Preneel, Bart (2012). <a rel="nofollow" class="external text" href="https://www.cosic.esat.kuleuven.be/publications/article-2216.pdf">A cross-protocol attack on the TLS protocol. Proceedings of the 2012 ACM conference on Computer and communications security</a> (PDF). Association for Computing Machinery. pp. 62–72. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-4503-1651-4" title="Special:BookSources/978-1-4503-1651-4"><bdi>978-1-4503-1651-4</bdi></a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150706104327/https://www.cosic.esat.kuleuven.be/publications/article-2216.pdf">Archived</a> (PDF) from the original on 2015-07-06.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=A+cross-protocol+attack+on+the+TLS+protocol.+Proceedings+of+the+2012+ACM+conference+on+Computer+and+communications+security&rft.pages=62-72&rft.pub=Association+for+Computing+Machinery&rft.date=2012&rft.isbn=978-1-4503-1651-4&rft.au=Mavrogiannopoulos%2C+Nikos&rft.au=Vercautern%2C+Frederik&rft.au=Velichkov%2C+Vesselin&rft.au=Preneel%2C+Bart&rft_id=https%3A%2F%2Fwww.cosic.esat.kuleuven.be%2Fpublications%2Farticle-2216.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-125"><a href="#cite_ref-125">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.smacktls.com">"SMACK: State Machine AttaCKs"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150312074827/https://www.smacktls.com">Archived</a> from the original on 2015-03-12.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SMACK%3A+State+Machine+AttaCKs&rft_id=https%3A%2F%2Fwww.smacktls.com&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-126"><a href="#cite_ref-126">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2015" class="citation web cs1">Goodin, Dan (2015-05-20). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers">"HTTPS-crippling attack threatens tens of thousands of Web and mail servers"</a>. Ars Technica. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170519130937/https://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers">Archived</a> from the original on 2017-05-19.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=HTTPS-crippling+attack+threatens+tens+of+thousands+of+Web+and+mail+servers&rft.date=2015-05-20&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2015%2F05%2Fhttps-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-127"><a href="#cite_ref-127">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLeyden2016" class="citation web cs1">Leyden, John (1 March 2016). <a rel="nofollow" class="external text" href="https://www.theregister.com/2016/03/01/drown_tls_protocol_flaw">"One-third of all HTTPS websites open to DROWN attack"</a>. The Register. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160301215536/http://www.theregister.co.uk/2016/03/01/drown_tls_protocol_flaw">Archived</a> from the original on 1 March 2016. Retrieved 2016-03-02.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=One-third+of+all+HTTPS+websites+open+to+DROWN+attack&rft.date=2016-03-01&rft.aulast=Leyden&rft.aufirst=John&rft_id=https%3A%2F%2Fwww.theregister.com%2F2016%2F03%2F01%2Fdrown_tls_protocol_flaw&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-ars201603-128">^ <a href="#cite_ref-ars201603_128-0">a</a> <a href="#cite_ref-ars201603_128-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://arstechnica.com/information-technology/2016/03/more-than-13-million-https-websites-imperiled-by-new-decryption-attack">"More than 11 million HTTPS websites imperiled by new decryption attack"</a>. Ars Technica. March 2016. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160301191108/http://arstechnica.com/security/2016/03/more-than-13-million-https-websites-imperiled-by-new-decryption-attack">Archived</a> from the original on 2016-03-01. Retrieved 2016-03-02.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=More+than+11+million+HTTPS+websites+imperiled+by+new+decryption+attack&rft.date=2016-03&rft_id=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2016%2F03%2Fmore-than-13-million-https-websites-imperiled-by-new-decryption-attack&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-DuongRizzo-129"><a href="#cite_ref-DuongRizzo_129-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFThai_DuongJuliano_Rizzo2011" class="citation web cs1">Thai Duong & Juliano Rizzo (2011-05-13). <a rel="nofollow" class="external text" href="https://bug665814.bugzilla.mozilla.org/attachment.cgi?id=540839">"Here Come The ⊕ Ninjas"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140603102506/https://bug665814.bugzilla.mozilla.org/attachment.cgi?id=540839">Archived</a> from the original on 2014-06-03.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Here+Come+The+%E2%8A%95+Ninjas&rft.date=2011-05-13&rft.au=Thai+Duong&rft.au=Juliano+Rizzo&rft_id=https%3A%2F%2Fbug665814.bugzilla.mozilla.org%2Fattachment.cgi%3Fid%3D540839&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-DanGoodin-130"><a href="#cite_ref-DanGoodin_130-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2011" class="citation web cs1">Goodin, Dan (2011-09-19). <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl">"Hackers break SSL encryption used by millions of sites"</a>. <a href="/wiki/The_Register" title="The Register">The Register</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120210185309/http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl">Archived</a> from the original on 2012-02-10.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Hackers+break+SSL+encryption+used+by+millions+of+sites&rft.date=2011-09-19&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2011%2F09%2F19%2Fbeast_exploits_paypal_ssl&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-combinator-131"><a href="#cite_ref-combinator_131-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://news.ycombinator.com/item?id=3015498">"Y Combinator comments on the issue"</a>. 2011-09-20. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120331225714/http://news.ycombinator.com/item?id=3015498">Archived</a> from the original on 2012-03-31.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Y+Combinator+comments+on+the+issue&rft.date=2011-09-20&rft_id=http%3A%2F%2Fnews.ycombinator.com%2Fitem%3Fid%3D3015498&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-132"><a href="#cite_ref-132">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20120630143111/http://www.openssl.org/~bodo/tls-cbc.txt">"Security of CBC Ciphersuites in SSL/TLS: Problems and Countermeasures"</a>. 2004-05-20. Archived from <a rel="nofollow" class="external text" href="https://www.openssl.org/~bodo/tls-cbc.txt">the original</a> on 2012-06-30.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Security+of+CBC+Ciphersuites+in+SSL%2FTLS%3A+Problems+and+Countermeasures&rft.date=2004-05-20&rft_id=http%3A%2F%2Fwww.openssl.org%2F~bodo%2Ftls-cbc.txt&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-133"><a href="#cite_ref-133">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRistic2013" class="citation web cs1">Ristic, Ivan (Sep 10, 2013). <a rel="nofollow" class="external text" href="https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat">"Is BEAST Still a Threat?"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141012121824/https://community.qualys.com/blogs/securitylabs/2013/09/10/is-beast-still-a-threat">Archived</a> from the original on 12 October 2014. Retrieved 8 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Is+BEAST+Still+a+Threat%3F&rft.date=2013-09-10&rft.aulast=Ristic&rft.aufirst=Ivan&rft_id=https%3A%2F%2Fcommunity.qualys.com%2Fblogs%2Fsecuritylabs%2F2013%2F09%2F10%2Fis-beast-still-a-threat&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-ChromeBEAST-134"><a href="#cite_ref-ChromeBEAST_134-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://googlechromereleases.blogspot.jp/2011/10/chrome-stable-release.html">"Chrome Stable Release"</a>. Chrome Releases. 2011-10-25. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150220020306/http://googlechromereleases.blogspot.jp/2011/10/chrome-stable-release.html">Archived</a> from the original on 2015-02-20. Retrieved 2015-02-01.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Chrome+Releases&rft.atitle=Chrome+Stable+Release&rft.date=2011-10-25&rft_id=http%3A%2F%2Fgooglechromereleases.blogspot.jp%2F2011%2F10%2Fchrome-stable-release.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-FirefoxBEAST-135"><a href="#cite_ref-FirefoxBEAST_135-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications">"Attack against TLS-protected communications"</a>. Mozilla Security Blog. Mozilla. 2011-09-27. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150304221307/https://blog.mozilla.org/security/2011/09/27/attack-against-tls-protected-communications">Archived</a> from the original on 2015-03-04. Retrieved 2015-02-01.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Mozilla+Security+Blog&rft.atitle=Attack+against+TLS-protected+communications&rft.date=2011-09-27&rft_id=https%3A%2F%2Fblog.mozilla.org%2Fsecurity%2F2011%2F09%2F27%2Fattack-against-tls-protected-communications&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-136"><a href="#cite_ref-136">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSmith2011" class="citation web cs1">Smith, Brian (2011-09-30). <a rel="nofollow" class="external text" href="https://bugzilla.mozilla.org/show_bug.cgi?id=665814">"(CVE-2011-3389) Rizzo/Duong chosen plaintext attack (BEAST) on SSL/TLS 1.0 (facilitated by websockets-76)"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120210202750/https://bugzilla.mozilla.org/show_bug.cgi?id=665814">Archived</a> from the original on 2012-02-10. Retrieved 2011-11-01.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=%28CVE-2011-3389%29+Rizzo%2FDuong+chosen+plaintext+attack+%28BEAST%29+on+SSL%2FTLS+1.0+%28facilitated+by+websockets-76%29&rft.date=2011-09-30&rft.aulast=Smith&rft.aufirst=Brian&rft_id=https%3A%2F%2Fbugzilla.mozilla.org%2Fshow_bug.cgi%3Fid%3D665814&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-MS12-006-137"><a href="#cite_ref-MS12-006_137-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFMSRC2012" class="citation techreport cs1"><a href="/wiki/Microsoft_Security_Response_Center" class="mw-redirect" title="Microsoft Security Response Center">MSRC</a> (2012-01-10). <a rel="nofollow" class="external text" href="https://docs.microsoft.com/en-us/security-updates/SecurityBulletins/2012/ms12-006">Vulnerability in SSL/TLS Could Allow Information Disclosure (2643584)</a>. Security Bulletins (Technical report). MS12-006. Retrieved 2021-10-24 – via <a href="/wiki/Microsoft_Docs" title="Microsoft Docs">Microsoft Docs</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=report&rft.btitle=Vulnerability+in+SSL%2FTLS+Could+Allow+Information+Disclosure+%282643584%29&rft.date=2012-01-10&rft.au=MSRC&rft_id=https%3A%2F%2Fdocs.microsoft.com%2Fen-us%2Fsecurity-updates%2FSecurityBulletins%2F2012%2Fms12-006&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-138"><a href="#cite_ref-138">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRistic2013" class="citation web cs1">Ristic, Ivan (Oct 31, 2013). <a rel="nofollow" class="external text" href="https://community.qualys.com/blogs/securitylabs/2013/10/31/apple-enabled-beast-mitigations-in-os-x-109-mavericks">"Apple Enabled BEAST Mitigations in OS X 10.9 Mavericks"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141012122536/https://community.qualys.com/blogs/securitylabs/2013/10/31/apple-enabled-beast-mitigations-in-os-x-109-mavericks">Archived</a> from the original on 12 October 2014. Retrieved 8 October 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Apple+Enabled+BEAST+Mitigations+in+OS+X+10.9+Mavericks&rft.date=2013-10-31&rft.aulast=Ristic&rft.aufirst=Ivan&rft_id=https%3A%2F%2Fcommunity.qualys.com%2Fblogs%2Fsecuritylabs%2F2013%2F10%2F31%2Fapple-enabled-beast-mitigations-in-os-x-109-mavericks&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-139"><a href="#cite_ref-139">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2012" class="citation web cs1">Goodin, Dan (2012-09-13). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2012/09/crime-hijacks-https-sessions">"Crack in Internet's foundation of trust allows HTTPS session hijacking"</a>. Ars Technica. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130801104610/http://arstechnica.com/security/2012/09/crime-hijacks-https-sessions">Archived</a> from the original on 2013-08-01. Retrieved 2013-07-31.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Crack+in+Internet%27s+foundation+of+trust+allows+HTTPS+session+hijacking&rft.date=2012-09-13&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2012%2F09%2Fcrime-hijacks-https-sessions&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-140"><a href="#cite_ref-140">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFFisher2012" class="citation web cs1">Fisher, Dennis (September 13, 2012). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120915224635/http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312">"CRIME Attack Uses Compression Ratio of TLS Requests as Side Channel to Hijack Secure Sessions"</a>. ThreatPost. Archived from <a rel="nofollow" class="external text" href="http://threatpost.com/en_us/blogs/crime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312">the original</a> on September 15, 2012. Retrieved 2012-09-13.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=CRIME+Attack+Uses+Compression+Ratio+of+TLS+Requests+as+Side+Channel+to+Hijack+Secure+Sessions&rft.pub=ThreatPost&rft.date=2012-09-13&rft.aulast=Fisher&rft.aufirst=Dennis&rft_id=http%3A%2F%2Fthreatpost.com%2Fen_us%2Fblogs%2Fcrime-attack-uses-compression-ratio-tls-requests-side-channel-hijack-secure-sessions-091312&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-Gooin20130801-141">^ <a href="#cite_ref-Gooin20130801_141-0">a</a> <a href="#cite_ref-Gooin20130801_141-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2013" class="citation web cs1">Goodin, Dan (1 August 2013). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages">"Gone in 30 seconds: New attack plucks secrets from HTTPS-protected pages"</a>. Ars Technica. Condé Nast. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130803181144/http://arstechnica.com/security/2013/08/gone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages">Archived</a> from the original on 3 August 2013. Retrieved 2 August 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Gone+in+30+seconds%3A+New+attack+plucks+secrets+from+HTTPS-protected+pages&rft.date=2013-08-01&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2013%2F08%2Fgone-in-30-seconds-new-attack-plucks-secrets-from-https-protected-pages&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-142"><a href="#cite_ref-142">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLeyden2013" class="citation web cs1">Leyden, John (2 August 2013). <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2013/08/02/breach_crypto_attack">"Step into the BREACH: New attack developed to read encrypted web data"</a>. The Register. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130805233414/http://www.theregister.co.uk/2013/08/02/breach_crypto_attack">Archived</a> from the original on 5 August 2013. Retrieved 2 August 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Step+into+the+BREACH%3A+New+attack+developed+to+read+encrypted+web+data&rft.date=2013-08-02&rft.aulast=Leyden&rft.aufirst=John&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2013%2F08%2F02%2Fbreach_crypto_attack&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-143"><a href="#cite_ref-143">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFP._Gutmann2014" class="citation cs1">P. Gutmann (September 2014). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7366">Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)</a>. Internet Engineering Task Force. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC7366">10.17487/RFC7366</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7366">7366</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Encrypt-then-MAC+for+Transport+Layer+Security+%28TLS%29+and+Datagram+Transport+Layer+Security+%28DTLS%29&rft.pub=Internet+Engineering+Task+Force&rft.date=2014-09&rft_id=info%3Adoi%2F10.17487%2FRFC7366&rft.au=P.+Gutmann&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc7366&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-poodleagain-144"><a href="#cite_ref-poodleagain_144-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLangley2014" class="citation web cs1">Langley, Adam (December 8, 2014). <a rel="nofollow" class="external text" href="https://www.imperialviolet.org/2014/12/08/poodleagain.html">"The POODLE bites again"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141208200653/https://www.imperialviolet.org/2014/12/08/poodleagain.html">Archived</a> from the original on December 8, 2014. Retrieved 2014-12-08.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=The+POODLE+bites+again&rft.date=2014-12-08&rft.aulast=Langley&rft.aufirst=Adam&rft_id=https%3A%2F%2Fwww.imperialviolet.org%2F2014%2F12%2F08%2Fpoodleagain.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-145"><a href="#cite_ref-145">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://serverfault.com/questions/315042/safest-ciphers-to-use-with-the-beast-tls-1-0-exploit-ive-read-that-rc4-is-im">"ssl – Safest ciphers to use with the BEAST? (TLS 1.0 exploit) I've read that RC4 is immune"</a>. Serverfault.com. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20220220210446/https://serverfault.com/questions/315042/safest-ciphers-to-use-with-the-beast-tls-1-0-exploit-ive-read-that-rc4-is-im">Archived</a> from the original on 20 February 2022. Retrieved 20 February 2022.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Serverfault.com&rft.atitle=ssl+%E2%80%93+Safest+ciphers+to+use+with+the+BEAST%3F+%28TLS+1.0+exploit%29+I%27ve+read+that+RC4+is+immune&rft_id=https%3A%2F%2Fserverfault.com%2Fquestions%2F315042%2Fsafest-ciphers-to-use-with-the-beast-tls-1-0-exploit-ive-read-that-rc4-is-im&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-146"><a href="#cite_ref-146">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPouyan_SepehrdadSerge_VaudenayMartin_Vuagnoux2011" class="citation book cs1">Pouyan Sepehrdad; Serge Vaudenay; Martin Vuagnoux (2011). "Discovery and Exploitation of New Biases in RC4". In Alex Biryukov; <a href="/wiki/Guang_Gong" title="Guang Gong">Guang Gong</a>; Douglas R. Stinson (eds.). Selected Areas in Cryptography: 17th International Workshop, SAC 2010, Waterloo, Ontario, Canada, August 12–13, 2010, Revised Selected Papers. Lecture Notes in Computer Science. Vol. 6544. pp. 74–91. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2F978-3-642-19574-7_5">10.1007/978-3-642-19574-7_5</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-3-642-19573-0" title="Special:BookSources/978-3-642-19573-0"><bdi>978-3-642-19573-0</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Discovery+and+Exploitation+of+New+Biases+in+RC4&rft.btitle=Selected+Areas+in+Cryptography%3A+17th+International+Workshop%2C+SAC+2010%2C+Waterloo%2C+Ontario%2C+Canada%2C+August+12%E2%80%9313%2C+2010%2C+Revised+Selected+Papers&rft.series=Lecture+Notes+in+Computer+Science&rft.pages=74-91&rft.date=2011&rft_id=info%3Adoi%2F10.1007%2F978-3-642-19574-7_5&rft.isbn=978-3-642-19573-0&rft.au=Pouyan+Sepehrdad&rft.au=Serge+Vaudenay&rft.au=Martin+Vuagnoux&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-147"><a href="#cite_ref-147">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGreen2013" class="citation web cs1">Green, Matthew (12 March 2013). <a rel="nofollow" class="external text" href="http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html">"Attack of the week: RC4 is kind of broken in TLS"</a>. Cryptography Engineering. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130314214026/http://blog.cryptographyengineering.com/2013/03/attack-of-week-rc4-is-kind-of-broken-in.html">Archived</a> from the original on March 14, 2013. Retrieved March 12, 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cryptography+Engineering&rft.atitle=Attack+of+the+week%3A+RC4+is+kind+of+broken+in+TLS&rft.date=2013-03-12&rft.aulast=Green&rft.aufirst=Matthew&rft_id=http%3A%2F%2Fblog.cryptographyengineering.com%2F2013%2F03%2Fattack-of-week-rc4-is-kind-of-broken-in.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-148"><a href="#cite_ref-148">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAlFardanBernsteinPatersonPoettering" class="citation web cs1">AlFardan, Nadhem; Bernstein, Dan; Paterson, Kenny; Poettering, Bertram; Schuldt, Jacob. <a rel="nofollow" class="external text" href="http://www.isg.rhul.ac.uk/tls">"On the Security of RC4 in TLS"</a>. Royal Holloway University of London. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130315084623/http://www.isg.rhul.ac.uk/tls">Archived</a> from the original on March 15, 2013. Retrieved March 13, 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=On+the+Security+of+RC4+in+TLS&rft.pub=Royal+Holloway+University+of+London&rft.aulast=AlFardan&rft.aufirst=Nadhem&rft.au=Bernstein%2C+Dan&rft.au=Paterson%2C+Kenny&rft.au=Poettering%2C+Bertram&rft.au=Schuldt%2C+Jacob&rft_id=http%3A%2F%2Fwww.isg.rhul.ac.uk%2Ftls&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-149"><a href="#cite_ref-149">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAlFardanBernsteinPatersonPoettering2013" class="citation journal cs1">AlFardan, Nadhem J.; Bernstein, Daniel J.; Paterson, Kenneth G.; Poettering, Bertram; Schuldt, Jacob C. N. (8 July 2013). <a rel="nofollow" class="external text" href="http://www.isg.rhul.ac.uk/tls/RC4biases.pdf">"On the Security of RC4 in TLS and WPA"</a> (PDF). Information Security Group. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130922170155/http://www.isg.rhul.ac.uk/tls/RC4biases.pdf">Archived</a> (PDF) from the original on 22 September 2013. Retrieved 2 September 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Information+Security+Group&rft.atitle=On+the+Security+of+RC4+in+TLS+and+WPA&rft.date=2013-07-08&rft.aulast=AlFardan&rft.aufirst=Nadhem+J.&rft.au=Bernstein%2C+Daniel+J.&rft.au=Paterson%2C+Kenneth+G.&rft.au=Poettering%2C+Bertram&rft.au=Schuldt%2C+Jacob+C.+N.&rft_id=http%3A%2F%2Fwww.isg.rhul.ac.uk%2Ftls%2FRC4biases.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-150"><a href="#cite_ref-150">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAlFardanBernsteinPatersonPoettering2013" class="citation conference cs1">AlFardan, Nadhem J.; Bernstein, Daniel J.; Paterson, Kenneth G.; Poettering, Bertram; Schuldt, Jacob C. N. (15 August 2013). <a rel="nofollow" class="external text" href="https://www.usenix.org/sites/default/files/conference/protected-files/alfardan_sec13_slides.pdf">On the Security of RC4 in TLS</a> (PDF). 22nd <a href="/wiki/USENIX" title="USENIX">USENIX</a> Security Symposium. p. 51. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130922133950/https://www.usenix.org/sites/default/files/conference/protected-files/alfardan_sec13_slides.pdf">Archived</a> (PDF) from the original on 22 September 2013. Retrieved 2 September 2013. <q>Plaintext recovery attacks against RC4 in TLS are feasible although not truly practical</q></cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.btitle=On+the+Security+of+RC4+in+TLS&rft.pages=51&rft.date=2013-08-15&rft.aulast=AlFardan&rft.aufirst=Nadhem+J.&rft.au=Bernstein%2C+Daniel+J.&rft.au=Paterson%2C+Kenneth+G.&rft.au=Poettering%2C+Bertram&rft.au=Schuldt%2C+Jacob+C.+N.&rft_id=https%3A%2F%2Fwww.usenix.org%2Fsites%2Fdefault%2Ffiles%2Fconference%2Fprotected-files%2Falfardan_sec13_slides.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-151"><a href="#cite_ref-151">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2015" class="citation web cs1">Goodin, Dan (15 July 2015). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2015/07/once-theoretical-crypto-attack-against-https-now-verges-on-practicality">"Once-theoretical crypto attack against HTTPS now verges on practicality"</a>. Ars Technical. Conde Nast. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150716084138/http://arstechnica.com/security/2015/07/once-theoretical-crypto-attack-against-https-now-verges-on-practicality">Archived</a> from the original on 16 July 2015. Retrieved 16 July 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technical&rft.atitle=Once-theoretical+crypto+attack+against+HTTPS+now+verges+on+practicality&rft.date=2015-07-15&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2015%2F07%2Fonce-theoretical-crypto-attack-against-https-now-verges-on-practicality&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-152"><a href="#cite_ref-152">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://wiki.mozilla.org/Security/Server_Side_TLS">"Mozilla Security Server Side TLS Recommended Configurations"</a>. Mozilla. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150103093047/https://wiki.mozilla.org/Security/Server_Side_TLS">Archived</a> from the original on 2015-01-03. Retrieved 2015-01-03.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Mozilla+Security+Server+Side+TLS+Recommended+Configurations&rft.pub=Mozilla&rft_id=https%3A%2F%2Fwiki.mozilla.org%2FSecurity%2FServer_Side_TLS&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-153"><a href="#cite_ref-153">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx">"Security Advisory 2868725: Recommendation to disable RC4"</a>. Microsoft. 2013-11-12. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20131118081816/http://blogs.technet.com/b/srd/archive/2013/11/12/security-advisory-2868725-recommendation-to-disable-rc4.aspx">Archived</a> from the original on 2013-11-18. Retrieved 2013-12-04.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Security+Advisory+2868725%3A+Recommendation+to+disable+RC4&rft.pub=Microsoft&rft.date=2013-11-12&rft_id=http%3A%2F%2Fblogs.technet.com%2Fb%2Fsrd%2Farchive%2F2013%2F11%2F12%2Fsecurity-advisory-2868725-recommendation-to-disable-rc4.aspx&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-154"><a href="#cite_ref-154">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blogs.windows.com/msedgedev/2015/09/01/ending-support-for-the-rc4-cipher-in-microsoft-edge-and-internet-explorer-11">"Ending support for the RC4 cipher in Microsoft Edge and Internet Explorer 11"</a>. Microsoft Edge Team. September 1, 2015. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150902054341/http://blogs.windows.com/msedgedev/2015/09/01/ending-support-for-the-rc4-cipher-in-microsoft-edge-and-internet-explorer-11">Archived</a> from the original on September 2, 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Ending+support+for+the+RC4+cipher+in+Microsoft+Edge+and+Internet+Explorer+11&rft.pub=Microsoft+Edge+Team&rft.date=2015-09-01&rft_id=https%3A%2F%2Fblogs.windows.com%2Fmsedgedev%2F2015%2F09%2F01%2Fending-support-for-the-rc4-cipher-in-microsoft-edge-and-internet-explorer-11&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-155"><a href="#cite_ref-155">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLangley2015" class="citation web cs1">Langley, Adam (Sep 1, 2015). <a rel="nofollow" class="external text" href="https://groups.google.com/a/chromium.org/forum/#!msg/security-dev/kVfCywocUO8/vgi_rQuhKgAJ">"Intent to deprecate: RC4"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130523081122/http://groups.google.com/a/chromium.org/group/chromium-os-dev/browse_thread/thread/337cca9a0da59ad6/9354a38894da5df5#!msg/security-dev/kVfCywocUO8/vgi_rQuhKgAJ">Archived</a> from the original on May 23, 2013. Retrieved September 2, 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Intent+to+deprecate%3A+RC4&rft.date=2015-09-01&rft.aulast=Langley&rft.aufirst=Adam&rft_id=https%3A%2F%2Fgroups.google.com%2Fa%2Fchromium.org%2Fforum%2F%23%21msg%2Fsecurity-dev%2FkVfCywocUO8%2Fvgi_rQuhKgAJ&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-156"><a href="#cite_ref-156">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBarnes2015" class="citation web cs1">Barnes, Richard (Sep 1, 2015). <a rel="nofollow" class="external text" href="https://groups.google.com/forum/#!topic/mozilla.dev.platform/JIEFcrGhqSM/discussion">"Intent to ship: RC4 disabled by default in Firefox 44"</a>. <a rel="nofollow" class="external text" href="http://arquivo.pt/wayback/20110122130054/https://groups.google.com/forum/#!topic/mozilla.dev.platform/JIEFcrGhqSM/discussion">Archived</a> from the original on 2011-01-22.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Intent+to+ship%3A+RC4+disabled+by+default+in+Firefox+44&rft.date=2015-09-01&rft.aulast=Barnes&rft.aufirst=Richard&rft_id=https%3A%2F%2Fgroups.google.com%2Fforum%2F%23%21topic%2Fmozilla.dev.platform%2FJIEFcrGhqSM%2Fdiscussion&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-register20130801-157">^ <a href="#cite_ref-register20130801_157-0">a</a> <a href="#cite_ref-register20130801_157-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFJohn_Leyden2013" class="citation web cs1">John Leyden (1 August 2013). <a rel="nofollow" class="external text" href="https://www.theregister.co.uk/2013/08/01/gmail_hotmail_hijacking">"Gmail, Outlook.com and e-voting 'pwned' on stage in crypto-dodge hack"</a>. The Register. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130801193054/http://www.theregister.co.uk/2013/08/01/gmail_hotmail_hijacking">Archived</a> from the original on 1 August 2013. Retrieved 1 August 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Register&rft.atitle=Gmail%2C+Outlook.com+and+e-voting+%27pwned%27+on+stage+in+crypto-dodge+hack&rft.date=2013-08-01&rft.au=John+Leyden&rft_id=https%3A%2F%2Fwww.theregister.co.uk%2F2013%2F08%2F01%2Fgmail_hotmail_hijacking&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-158"><a href="#cite_ref-158">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://www.blackhat.com/us-13/briefings.html#Smyth">"BlackHat USA Briefings"</a>. Black Hat 2013. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130730124037/http://www.blackhat.com/us-13/briefings.html#Smyth">Archived</a> from the original on 30 July 2013. Retrieved 1 August 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Black+Hat+2013&rft.atitle=BlackHat+USA+Briefings&rft_id=https%3A%2F%2Fwww.blackhat.com%2Fus-13%2Fbriefings.html%23Smyth&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-159"><a href="#cite_ref-159">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFSmythPironti2013" class="citation thesis cs1">Smyth, Ben; Pironti, Alfredo (2013). <a rel="nofollow" class="external text" href="https://hal.inria.fr/hal-01102013">Truncating TLS Connections to Violate Beliefs in Web Applications</a>. 7th USENIX Workshop on Offensive Technologies (report). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20151106110117/https://hal.inria.fr/hal-01102013">Archived</a> from the original on 6 November 2015. Retrieved 15 February 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Adissertation&rft.title=Truncating+TLS+Connections+to+Violate+Beliefs+in+Web+Applications&rft.date=2013&rft.aulast=Smyth&rft.aufirst=Ben&rft.au=Pironti%2C+Alfredo&rft_id=https%3A%2F%2Fhal.inria.fr%2Fhal-01102013&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-praad-tls-160"><a href="#cite_ref-praad-tls_160-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAlFardanPaterson2012" class="citation conference cs1">AlFardan, Nadhem; Paterson, Kenneth G (2012). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120118070007/http://www.isg.rhul.ac.uk/~kp/dtls.pdf">Plaintext-recovery attacks against datagram TLS</a> (PDF). Network and distributed system security symposium (NDSS 2012). Archived from the original on 2012-01-18.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.btitle=Plaintext-recovery+attacks+against+datagram+TLS&rft.date=2012&rft.aulast=AlFardan&rft.aufirst=Nadhem&rft.au=Paterson%2C+Kenneth+G&rft_id=http%3A%2F%2Fwww.isg.rhul.ac.uk%2F~kp%2Fdtls.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"><code class="cs1-code">{{<a href="/wiki/Template:Cite_conference" title="Template:Cite conference">cite conference</a>}}</code>: CS1 maint: unfit URL (<a href="/wiki/Category:CS1_maint:_unfit_URL" title="Category:CS1 maint: unfit URL">link</a>) </li> <li id="cite_note-161"><a href="#cite_ref-161">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2016" class="citation web cs1">Goodin, Dan (26 July 2016). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux">"New attack bypasses HTTPS protection on Macs, Windows, and Linux"</a>. Ars Technica. Condé Nast. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160727160434/http://arstechnica.com/security/2016/07/new-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux">Archived</a> from the original on 27 July 2016. Retrieved 28 July 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=New+attack+bypasses+HTTPS+protection+on+Macs%2C+Windows%2C+and+Linux&rft.date=2016-07-26&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2016%2F07%2Fnew-attack-that-cripples-https-crypto-works-on-macs-windows-and-linux&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-162"><a href="#cite_ref-162">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2016" class="citation news cs1">Goodin, Dan (August 24, 2016). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2016/08/new-attack-can-pluck-secrets-from-1-of-https-traffic-affects-top-sites">"HTTPS and OpenVPN face new attack that can decrypt secret cookies"</a>. Ars Technica. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160824181630/http://arstechnica.com/security/2016/08/new-attack-can-pluck-secrets-from-1-of-https-traffic-affects-top-sites">Archived</a> from the original on August 24, 2016. Retrieved August 24, 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Ars+Technica&rft.atitle=HTTPS+and+OpenVPN+face+new+attack+that+can+decrypt+secret+cookies&rft.date=2016-08-24&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2016%2F08%2Fnew-attack-can-pluck-secrets-from-1-of-https-traffic-affects-top-sites&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-163"><a href="#cite_ref-163">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation news cs1"><a rel="nofollow" class="external text" href="https://www.washingtonpost.com/blogs/style-blog/wp/2014/04/09/why-is-it-called-the-heartbleed-bug">"Why is it called the 'Heartbleed Bug'?"</a>. The Washington Post. 2014-04-09. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141009063758/http://www.washingtonpost.com/blogs/style-blog/wp/2014/04/09/why-is-it-called-the-heartbleed-bug">Archived</a> from the original on 2014-10-09.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=The+Washington+Post&rft.atitle=Why+is+it+called+the+%27Heartbleed+Bug%27%3F&rft.date=2014-04-09&rft_id=https%3A%2F%2Fwww.washingtonpost.com%2Fblogs%2Fstyle-blog%2Fwp%2F2014%2F04%2F09%2Fwhy-is-it-called-the-heartbleed-bug&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-164"><a href="#cite_ref-164">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://blogs.comodo.com/e-commerce/heartbleed-bug-comodo-urges-openssl-users-to-apply-patch">"Heartbleed Bug vulnerability [9 April 2014]"</a>. <a href="/wiki/Comodo_Group" class="mw-redirect" title="Comodo Group">Comodo Group</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140705212748/https://blogs.comodo.com/e-commerce/heartbleed-bug-comodo-urges-openssl-users-to-apply-patch">Archived</a> from the original on 5 July 2014.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Heartbleed+Bug+vulnerability+%5B9+April+2014%5D&rft.pub=Comodo+Group&rft_id=https%3A%2F%2Fblogs.comodo.com%2Fe-commerce%2Fheartbleed-bug-comodo-urges-openssl-users-to-apply-patch&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-165"><a href="#cite_ref-165">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBleichenbacher2006" class="citation web cs1"><a href="/wiki/Daniel_Bleichenbacher" title="Daniel Bleichenbacher">Bleichenbacher, Daniel</a> (August 2006). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20141216203704/http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html">"Bleichenbacher's RSA signature forgery based on implementation error"</a>. Archived from <a rel="nofollow" class="external text" href="http://www.imc.org/ietf-openpgp/mail-archive/msg06063.html">the original</a> on 2014-12-16.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Bleichenbacher%27s+RSA+signature+forgery+based+on+implementation+error&rft.date=2006-08&rft.aulast=Bleichenbacher&rft.aufirst=Daniel&rft_id=http%3A%2F%2Fwww.imc.org%2Fietf-openpgp%2Fmail-archive%2Fmsg06063.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-166"><a href="#cite_ref-166">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://www.intelsecurity.com/advanced-threat-research">"BERserk"</a>. Intel Security: Advanced Threat Research. September 2014. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150112153121/http://www.intelsecurity.com/advanced-threat-research">Archived</a> from the original on 2015-01-12.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=BERserk&rft.pub=Intel+Security%3A+Advanced+Threat+Research&rft.date=2014-09&rft_id=http%3A%2F%2Fwww.intelsecurity.com%2Fadvanced-threat-research&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-167"><a href="#cite_ref-167">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2015" class="citation web cs1">Goodin, Dan (February 19, 2015). <a rel="nofollow" class="external text" href="https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections">"Lenovo PCs ship with man-in-the-middle adware that breaks HTTPS connections"</a>. <a href="/wiki/Ars_Technica" title="Ars Technica">Ars Technica</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170912103610/https://arstechnica.com/information-technology/2015/02/lenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections">Archived</a> from the original on September 12, 2017. Retrieved December 10, 2017.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=Lenovo+PCs+ship+with+man-in-the-middle+adware+that+breaks+HTTPS+connections&rft.date=2015-02-19&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Finformation-technology%2F2015%2F02%2Flenovo-pcs-ship-with-man-in-the-middle-adware-that-breaks-https-connections&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-168"><a href="#cite_ref-168">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFValsorda2015" class="citation web cs1">Valsorda, Filippo (2015-02-20). <a rel="nofollow" class="external text" href="https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken">"Komodia/Superfish SSL validation is broken"</a>. Filippo.io. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150224112141/https://blog.filippo.io/komodia-superfish-ssl-validation-is-broken">Archived</a> from the original on 2015-02-24.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Komodia%2FSuperfish+SSL+validation+is+broken&rft.pub=Filippo.io&rft.date=2015-02-20&rft.aulast=Valsorda&rft.aufirst=Filippo&rft_id=https%3A%2F%2Fblog.filippo.io%2Fkomodia-superfish-ssl-validation-is-broken&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-forbidden-169">^ <a href="#cite_ref-forbidden_169-0">a</a> <a href="#cite_ref-forbidden_169-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFGoodin2016" class="citation web cs1">Goodin, Dan (26 May 2016). <a rel="nofollow" class="external text" href="https://arstechnica.com/security/2016/05/faulty-https-settings-leave-dozens-of-visa-sites-vulnerable-to-forgery-attacks">""Forbidden attack" makes dozens of HTTPS Visa sites vulnerable to tampering"</a>. Ars Technica. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160526175713/http://arstechnica.com/security/2016/05/faulty-https-settings-leave-dozens-of-visa-sites-vulnerable-to-forgery-attacks">Archived</a> from the original on 26 May 2016. Retrieved 26 May 2016.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Ars+Technica&rft.atitle=%22Forbidden+attack%22+makes+dozens+of+HTTPS+Visa+sites+vulnerable+to+tampering&rft.date=2016-05-26&rft.aulast=Goodin&rft.aufirst=Dan&rft_id=https%3A%2F%2Farstechnica.com%2Fsecurity%2F2016%2F05%2Ffaulty-https-settings-leave-dozens-of-visa-sites-vulnerable-to-forgery-attacks&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-170"><a href="#cite_ref-170">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFClark_Estes2017" class="citation web cs1">Clark Estes, Adam (February 24, 2017). <a rel="nofollow" class="external text" href="https://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616">"Everything You Need to Know About Cloudbleed, the Latest Internet Security Disaster"</a>. <a href="/wiki/Gizmodo" title="Gizmodo">Gizmodo</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20170225013516/http://gizmodo.com/everything-you-need-to-know-about-cloudbleed-the-lates-1792710616">Archived</a> from the original on 2017-02-25. Retrieved 2017-02-24.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Gizmodo&rft.atitle=Everything+You+Need+to+Know+About+Cloudbleed%2C+the+Latest+Internet+Security+Disaster&rft.date=2017-02-24&rft.aulast=Clark+Estes&rft.aufirst=Adam&rft_id=https%3A%2F%2Fgizmodo.com%2Feverything-you-need-to-know-about-cloudbleed-the-lates-1792710616&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-171"><a href="#cite_ref-171">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDiffievan_OorschotWiener1992" class="citation journal cs1">Diffie, Whitfield; van Oorschot, Paul C; Wiener, Michael J. (June 1992). <a rel="nofollow" class="external text" href="http://citeseer.ist.psu.edu/diffie92authentication.html">"Authentication and Authenticated Key Exchanges"</a>. Designs, Codes and Cryptography. 2 (2): 107–125. <a href="/wiki/CiteSeerX_(identifier)" class="mw-redirect" title="CiteSeerX (identifier)">CiteSeerX</a> <a rel="nofollow" class="external text" href="https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.59.6682">10.1.1.59.6682</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1007%2FBF00124891">10.1007/BF00124891</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:7356608">7356608</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20080313081157/http://citeseer.ist.psu.edu/diffie92authentication.html">Archived</a> from the original on 2008-03-13. Retrieved 2008-02-11.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=Designs%2C+Codes+and+Cryptography&rft.atitle=Authentication+and+Authenticated+Key+Exchanges&rft.volume=2&rft.issue=2&rft.pages=107-125&rft.date=1992-06&rft_id=https%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fsummary%3Fdoi%3D10.1.1.59.6682%23id-name%3DCiteSeerX&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A7356608%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1007%2FBF00124891&rft.aulast=Diffie&rft.aufirst=Whitfield&rft.au=van+Oorschot%2C+Paul+C&rft.au=Wiener%2C+Michael+J.&rft_id=http%3A%2F%2Fciteseer.ist.psu.edu%2Fdiffie92authentication.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-172"><a href="#cite_ref-172">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://web.archive.org/web/20130922103746/http://www.ietf.org/mail-archive/web/tls/current/msg02134.html">"Discussion on the TLS mailing list in October 2007"</a>. Archived from <a rel="nofollow" class="external text" href="http://www1.ietf.org/mail-archive/web/tls/current/msg02134.html">the original</a> on 22 September 2013. Retrieved 20 February 2022.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Discussion+on+the+TLS+mailing+list+in+October+2007&rft_id=http%3A%2F%2Fwww1.ietf.org%2Fmail-archive%2Fweb%2Ftls%2Fcurrent%2Fmsg02134.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-173"><a href="#cite_ref-173">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://googleonlinesecurity.blogspot.com.au/2011/11/protecting-data-for-long-term-with.html">"Protecting data for the long term with forward secrecy"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130506184654/http://googleonlinesecurity.blogspot.com.au/2011/11/protecting-data-for-long-term-with.html">Archived</a> from the original on 2013-05-06. Retrieved 2012-11-05.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Protecting+data+for+the+long+term+with+forward+secrecy&rft_id=http%3A%2F%2Fgoogleonlinesecurity.blogspot.com.au%2F2011%2F11%2Fprotecting-data-for-long-term-with.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-174"><a href="#cite_ref-174">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBernat2011" class="citation web cs1">Bernat, Vincent (28 November 2011). <a rel="nofollow" class="external text" href="https://vincent.bernat.ch/en/blog/2011-ssl-perfect-forward-secrecy">"SSL/TLS & Perfect Forward Secrecy"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120827064047/https://vincent.bernat.ch/en/blog/2011-ssl-perfect-forward-secrecy">Archived</a> from the original on 2012-08-27. Retrieved 2012-11-05.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SSL%2FTLS+%26+Perfect+Forward+Secrecy&rft.date=2011-11-28&rft.aulast=Bernat&rft.aufirst=Vincent&rft_id=https%3A%2F%2Fvincent.bernat.ch%2Fen%2Fblog%2F2011-ssl-perfect-forward-secrecy&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-175"><a href="#cite_ref-175">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy">"SSL Labs: Deploying Forward Secrecy"</a>. Qualys.com. 2013-06-25. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130626193314/https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy">Archived</a> from the original on 2013-06-26. Retrieved 2013-07-10.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SSL+Labs%3A+Deploying+Forward+Secrecy&rft.pub=Qualys.com&rft.date=2013-06-25&rft_id=https%3A%2F%2Fcommunity.qualys.com%2Fblogs%2Fsecuritylabs%2F2013%2F06%2F25%2Fssl-labs-deploying-forward-secrecy&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-176"><a href="#cite_ref-176">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRistic2013" class="citation web cs1">Ristic, Ivan (2013-08-05). <a rel="nofollow" class="external text" href="https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy">"SSL Labs: Deploying Forward Secrecy"</a>. Qualsys. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130920150259/https://community.qualys.com/blogs/securitylabs/2013/06/25/ssl-labs-deploying-forward-secrecy">Archived</a> from the original on 2013-09-20. Retrieved 2013-08-31.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=SSL+Labs%3A+Deploying+Forward+Secrecy&rft.pub=Qualsys&rft.date=2013-08-05&rft.aulast=Ristic&rft.aufirst=Ivan&rft_id=https%3A%2F%2Fcommunity.qualys.com%2Fblogs%2Fsecuritylabs%2F2013%2F06%2F25%2Fssl-labs-deploying-forward-secrecy&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-botchingpfs-177">^ <a href="#cite_ref-botchingpfs_177-0">a</a> <a href="#cite_ref-botchingpfs_177-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFLangley2013" class="citation web cs1">Langley, Adam (27 June 2013). <a rel="nofollow" class="external text" href="https://www.imperialviolet.org/2013/06/27/botchingpfs.html">"How to botch TLS forward secrecy"</a>. imperialviolet.org. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130808221614/https://www.imperialviolet.org/2013/06/27/botchingpfs.html">Archived</a> from the original on 8 August 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=imperialviolet.org&rft.atitle=How+to+botch+TLS+forward+secrecy&rft.date=2013-06-27&rft.aulast=Langley&rft.aufirst=Adam&rft_id=https%3A%2F%2Fwww.imperialviolet.org%2F2013%2F06%2F27%2Fbotchingpfs.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-ticketsecwp-178">^ <a href="#cite_ref-ticketsecwp_178-0">a</a> <a href="#cite_ref-ticketsecwp_178-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDaignière" class="citation web cs1">Daignière, Florent. <a rel="nofollow" class="external text" href="https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf">"TLS "Secrets": Whitepaper presenting the security implications of the deployment of session tickets (RFC 5077) as implemented in OpenSSL"</a> (PDF). Matta Consulting Limited. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130806233112/https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-WP.pdf">Archived</a> (PDF) from the original on 6 August 2013. Retrieved 7 August 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=TLS+%22Secrets%22%3A+Whitepaper+presenting+the+security+implications+of+the+deployment+of+session+tickets+%28RFC+5077%29+as+implemented+in+OpenSSL&rft.pub=Matta+Consulting+Limited&rft.aulast=Daigni%C3%A8re&rft.aufirst=Florent&rft_id=https%3A%2F%2Fmedia.blackhat.com%2Fus-13%2FUS-13-Daigniere-TLS-Secrets-WP.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-ticketsecslides-179">^ <a href="#cite_ref-ticketsecslides_179-0">a</a> <a href="#cite_ref-ticketsecslides_179-1">b</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDaignière" class="citation web cs1">Daignière, Florent. <a rel="nofollow" class="external text" href="https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf">"TLS "Secrets": What everyone forgot to tell you…"</a> (PDF). Matta Consulting Limited. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20130805134805/https://media.blackhat.com/us-13/US-13-Daigniere-TLS-Secrets-Slides.pdf">Archived</a> (PDF) from the original on 5 August 2013. Retrieved 7 August 2013.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=TLS+%22Secrets%22%3A+What+everyone+forgot+to+tell+you%E2%80%A6&rft.pub=Matta+Consulting+Limited&rft.aulast=Daigni%C3%A8re&rft.aufirst=Florent&rft_id=https%3A%2F%2Fmedia.blackhat.com%2Fus-13%2FUS-13-Daigniere-TLS-Secrets-Slides.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-180"><a href="#cite_ref-180">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFL.S._HuangS._AdhikarlaD._BonehC._Jackson2014" class="citation journal cs1">L.S. Huang; S. Adhikarla; D. Boneh; C. Jackson (2014). <a rel="nofollow" class="external text" href="http://crypto.stanford.edu/~dabo/pubs/abstracts/websec_ecc.html">"An Experimental Study of TLS Forward Secrecy Deployments"</a>. IEEE Internet Computing. 18 (6): 43–51. <a href="/wiki/CiteSeerX_(identifier)" class="mw-redirect" title="CiteSeerX (identifier)">CiteSeerX</a> <a rel="nofollow" class="external text" href="https://citeseerx.ist.psu.edu/viewdoc/summary?doi=10.1.1.663.4653">10.1.1.663.4653</a>. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1109%2FMIC.2014.86">10.1109/MIC.2014.86</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:11264303">11264303</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150920011317/http://crypto.stanford.edu/~dabo/pubs/abstracts/websec_ecc.html">Archived</a> from the original on 20 September 2015. Retrieved 16 October 2015.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=IEEE+Internet+Computing&rft.atitle=An+Experimental+Study+of+TLS+Forward+Secrecy+Deployments&rft.volume=18&rft.issue=6&rft.pages=43-51&rft.date=2014&rft_id=https%3A%2F%2Fciteseerx.ist.psu.edu%2Fviewdoc%2Fsummary%3Fdoi%3D10.1.1.663.4653%23id-name%3DCiteSeerX&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A11264303%23id-name%3DS2CID&rft_id=info%3Adoi%2F10.1109%2FMIC.2014.86&rft.au=L.S.+Huang&rft.au=S.+Adhikarla&rft.au=D.+Boneh&rft.au=C.+Jackson&rft_id=http%3A%2F%2Fcrypto.stanford.edu%2F~dabo%2Fpubs%2Fabstracts%2Fwebsec_ecc.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-googleLongTerm-181"><a href="#cite_ref-googleLongTerm_181-0">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="http://googleonlinesecurity.blogspot.com.au/2011/11/protecting-data-for-long-term-with.html">"Protecting data for the long term with forward secrecy"</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140212214518/http://googleonlinesecurity.blogspot.com.au/2011/11/protecting-data-for-long-term-with.html">Archived</a> from the original on 2014-02-12. Retrieved 2014-03-07.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Protecting+data+for+the+long+term+with+forward+secrecy&rft_id=http%3A%2F%2Fgoogleonlinesecurity.blogspot.com.au%2F2011%2F11%2Fprotecting-data-for-long-term-with.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-182"><a href="#cite_ref-182">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFHoffman-Andrews" class="citation web cs1">Hoffman-Andrews, Jacob. <a rel="nofollow" class="external text" href="https://blog.twitter.com/2013/forward-secrecy-at-twitter-0">"Forward Secrecy at Twitter"</a>. Twitter. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140216041202/https://blog.twitter.com/2013/forward-secrecy-at-twitter-0">Archived</a> from the original on 2014-02-16. Retrieved 2014-03-07.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Forward+Secrecy+at+Twitter&rft.pub=Twitter&rft.aulast=Hoffman-Andrews&rft.aufirst=Jacob&rft_id=https%3A%2F%2Fblog.twitter.com%2F2013%2Fforward-secrecy-at-twitter-0&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-Durumeric_et_al_2017-183">^ <a href="#cite_ref-Durumeric_et_al_2017_183-0">a</a> <a href="#cite_ref-Durumeric_et_al_2017_183-1">b</a> <a href="#cite_ref-Durumeric_et_al_2017_183-2">c</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFDurumericMaSpringallBarnes2017" class="citation journal cs1">Durumeric, Zakir; Ma, Zane; Springall, Drew; Barnes, Richard; Sullivan, Nick; Bursztein, Elie; Bailey, Michael; Halderman, J. Alex; Paxson, Vern (5 September 2017). <a rel="nofollow" class="external text" href="https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact-https-interception">"The Security Impact of HTTPS Interception"</a>. NDSS Symposium. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.14722%2Fndss.2017.23456">10.14722/ndss.2017.23456</a>. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1-891562-46-4" title="Special:BookSources/978-1-891562-46-4"><bdi>978-1-891562-46-4</bdi></a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190322145041/https://www.ndss-symposium.org/ndss2017/ndss-2017-programme/security-impact-https-interception/">Archived</a> from the original on 22 March 2019. Retrieved 11 March 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=NDSS+Symposium&rft.atitle=The+Security+Impact+of+HTTPS+Interception&rft.date=2017-09-05&rft_id=info%3Adoi%2F10.14722%2Fndss.2017.23456&rft.isbn=978-1-891562-46-4&rft.aulast=Durumeric&rft.aufirst=Zakir&rft.au=Ma%2C+Zane&rft.au=Springall%2C+Drew&rft.au=Barnes%2C+Richard&rft.au=Sullivan%2C+Nick&rft.au=Bursztein%2C+Elie&rft.au=Bailey%2C+Michael&rft.au=Halderman%2C+J.+Alex&rft.au=Paxson%2C+Vern&rft_id=https%3A%2F%2Fwww.ndss-symposium.org%2Fndss2017%2Fndss-2017-programme%2Fsecurity-impact-https-interception&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-openpgp-184">^ <a href="#cite_ref-openpgp_184-0">a</a> <a href="#cite_ref-openpgp_184-1">b</a> These certificates are currently <a href="/wiki/X.509" title="X.509">X.509</a>, but <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6091">6091</a> also specifies the use of <a href="/wiki/OpenPGP" class="mw-redirect" title="OpenPGP">OpenPGP</a>-based certificates. </li> <li id="cite_note-185"><a href="#cite_ref-185">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation web cs1"><a rel="nofollow" class="external text" href="https://crypto.stackexchange.com/questions/27131/differences-between-the-terms-pre-master-secret-master-secret-private-key">"tls – Differences between the terms "pre-master secret", "master secret", "private key", and "shared secret"?"</a>. Cryptography Stack Exchange. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20200922021454/https://crypto.stackexchange.com/questions/27131/differences-between-the-terms-pre-master-secret-master-secret-private-key">Archived</a> from the original on 2020-09-22. Retrieved 2020-10-01.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=Cryptography+Stack+Exchange&rft.atitle=tls+%E2%80%93+Differences+between+the+terms+%22pre-master+secret%22%2C+%22master+secret%22%2C+%22private+key%22%2C+and+%22shared+secret%22%3F&rft_id=https%3A%2F%2Fcrypto.stackexchange.com%2Fquestions%2F27131%2Fdifferences-between-the-terms-pre-master-secret-master-secret-private-key&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-186"><a href="#cite_ref-186">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFChris2009" class="citation web cs1">Chris (2009-02-18). <a rel="nofollow" class="external text" href="http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html">"vsftpd-2.1.0 released – Using TLS session resume for FTPS data connection authentication"</a>. Scarybeastsecurity. blogspot.com. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120707213409/http://scarybeastsecurity.blogspot.com/2009/02/vsftpd-210-released.html">Archived</a> from the original on 2012-07-07. Retrieved 2012-05-17.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=vsftpd-2.1.0+released+%E2%80%93+Using+TLS+session+resume+for+FTPS+data+connection+authentication&rft.pub=Scarybeastsecurity.+blogspot.com&rft.date=2009-02-18&rft.au=Chris&rft_id=http%3A%2F%2Fscarybeastsecurity.blogspot.com%2F2009%2F02%2Fvsftpd-210-released.html&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-187"><a href="#cite_ref-187">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRescorla2018" class="citation cs1">Rescorla, Eric (August 2018). <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8446#section-4.1.1">"Cryptographic Negotiation"</a>. <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8446">The Transport Layer Security (TLS) Protocol Version 1.3</a>. IETF. sec. 4.1.1. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC8446">10.17487/RFC8446</a>. <a href="/wiki/Request_for_Comments" title="Request for Comments">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8446">8446</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=bookitem&rft.atitle=Cryptographic+Negotiation&rft.btitle=The+Transport+Layer+Security+%28TLS%29+Protocol+Version+1.3&rft.pages=sec.-4.1.1&rft.pub=IETF&rft.date=2018-08&rft_id=info%3Adoi%2F10.17487%2FRFC8446&rft.aulast=Rescorla&rft.aufirst=Eric&rft_id=https%3A%2F%2Fdatatracker.ietf.org%2Fdoc%2Fhtml%2Frfc8446%26%23035%3Bsection-4.1.1&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-188"><a href="#cite_ref-188">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFValsorda2016" class="citation web cs1">Valsorda, Filippo (23 September 2016). <a rel="nofollow" class="external text" href="https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a">"An overview of TLS 1.3 and Q&A"</a>. The Cloudflare Blog. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190503043936/https://blog.cloudflare.com/tls-1-3-overview-and-q-and-a/">Archived</a> from the original on 3 May 2019. Retrieved 3 May 2019.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=unknown&rft.jtitle=The+Cloudflare+Blog&rft.atitle=An+overview+of+TLS+1.3+and+Q%26A&rft.date=2016-09-23&rft.aulast=Valsorda&rft.aufirst=Filippo&rft_id=https%3A%2F%2Fblog.cloudflare.com%2Ftls-1-3-overview-and-q-and-a&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-189"><a href="#cite_ref-189">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation cs2"><a rel="nofollow" class="external text" href="https://ssl.comodo.com/wildcard-ssl-certificates.php">Wildcard SSL Certificate overview</a>, <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150623231035/https://ssl.comodo.com/wildcard-ssl-certificates.php">archived</a> from the original on 2015-06-23, retrieved 2015-07-02</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Wildcard+SSL+Certificate+overview&rft_id=https%3A%2F%2Fssl.comodo.com%2Fwildcard-ssl-certificates.php&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> <li id="cite_note-190"><a href="#cite_ref-190">^</a> <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation cs2"><a rel="nofollow" class="external text" href="https://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf">Named-based SSL virtual hosts: how to tackle the problem</a> (PDF), <a rel="nofollow" class="external text" href="https://web.archive.org/web/20120803022659/https://www.switch.ch/pki/meetings/2007-01/namebased_ssl_virtualhosts.pdf">archived</a> (PDF) from the original on 2012-08-03, retrieved 2012-05-17</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Named-based+SSL+virtual+hosts%3A+how+to+tackle+the+problem&rft_id=https%3A%2F%2Fwww.switch.ch%2Fpki%2Fmeetings%2F2007-01%2Fnamebased_ssl_virtualhosts.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"> </li> </ol></div> <div class="mw-heading mw-heading2"><h2 id="Further_reading">Further reading</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=58" title="Edit section: Further reading">edit</a>]</div> <style data-mw-deduplicate="TemplateStyles:r1235681985">.mw-parser-output .side-box{margin:4px 0;box-sizing:border-box;border:1px solid #aaa;font-size:88%;line-height:1.25em;background-color:var(--background-color-interactive-subtle,#f8f9fa);display:flow-root}.mw-parser-output .side-box-abovebelow,.mw-parser-output .side-box-text{padding:0.25em 0.9em}.mw-parser-output .side-box-image{padding:2px 0 2px 0.9em;text-align:center}.mw-parser-output .side-box-imageright{padding:2px 0.9em 2px 0;text-align:center}@media(min-width:500px){.mw-parser-output .side-box-flex{display:flex;align-items:center}.mw-parser-output .side-box-text{flex:1;min-width:0}}@media(min-width:720px){.mw-parser-output .side-box{width:238px}.mw-parser-output .side-box-right{clear:right;float:right;margin-left:1em}.mw-parser-output .side-box-left{margin-right:1em}}</style><style data-mw-deduplicate="TemplateStyles:r1237033735">@media print{body.ns-0 .mw-parser-output .sistersitebox{display:none!important}}@media screen{html.skin-theme-clientpref-night .mw-parser-output .sistersitebox img[src*="Wiktionary-logo-en-v2.svg"]{background-color:white}}@media screen and (prefers-color-scheme:dark){html.skin-theme-clientpref-os .mw-parser-output .sistersitebox img[src*="Wiktionary-logo-en-v2.svg"]{background-color:white}}</style><div class="side-box side-box-right plainlinks sistersitebox"><style data-mw-deduplicate="TemplateStyles:r1126788409">.mw-parser-output .plainlist ol,.mw-parser-output .plainlist ul{line-height:inherit;list-style:none;margin:0;padding:0}.mw-parser-output .plainlist ol li,.mw-parser-output .plainlist ul li{margin-bottom:0}</style> <div class="side-box-flex"> <div class="side-box-image"><img alt="" src="//upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/30px-Commons-logo.svg.png" decoding="async" width="30" height="40" class="mw-file-element" srcset="//upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/45px-Commons-logo.svg.png 1.5x, //upload.wikimedia.org/wikipedia/en/thumb/4/4a/Commons-logo.svg/59px-Commons-logo.svg.png 2x" data-file-width="1024" data-file-height="1376" /></div> <div class="side-box-text plainlist">Wikimedia Commons has media related to <a href="https://commons.wikimedia.org/wiki/Category:SSL_and_TLS" class="extiw" title="commons:Category:SSL and TLS">SSL and TLS</a>.</div></div> </div> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFWagnerSchneier,_Bruce1996" class="citation conference cs1">Wagner, David; Schneier, Bruce (November 1996). <a rel="nofollow" class="external text" href="http://www.schneier.com/paper-ssl.pdf">"Analysis of the SSL 3.0 Protocol"</a> (PDF). The Second USENIX Workshop on Electronic Commerce Proceedings. USENIX Press. pp. 29–40. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20061016180809/http://www.schneier.com/paper-ssl.pdf">Archived</a> (PDF) from the original on 2006-10-16. Retrieved 2006-10-12.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=conference&rft.atitle=Analysis+of+the+SSL+3.0+Protocol&rft.btitle=The+Second+USENIX+Workshop+on+Electronic+Commerce+Proceedings&rft.pages=29-40&rft.pub=USENIX+Press&rft.date=1996-11&rft.aulast=Wagner&rft.aufirst=David&rft.au=Schneier%2C+Bruce&rft_id=http%3A%2F%2Fwww.schneier.com%2Fpaper-ssl.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFRescorla2001" class="citation book cs1">Rescorla, Eric (2001). <a rel="nofollow" class="external text" href="https://archive.org/details/ssltls00eric">SSL and TLS: Designing and Building Secure Systems</a>. United States: Addison-Wesley Pub Co. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-201-61598-2" title="Special:BookSources/978-0-201-61598-2"><bdi>978-0-201-61598-2</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=SSL+and+TLS%3A+Designing+and+Building+Secure+Systems&rft.place=United+States&rft.pub=Addison-Wesley+Pub+Co&rft.date=2001&rft.isbn=978-0-201-61598-2&rft.aulast=Rescorla&rft.aufirst=Eric&rft_id=https%3A%2F%2Farchive.org%2Fdetails%2Fssltls00eric&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFStephen_A._Thomas2000" class="citation book cs1">Stephen A. Thomas (2000). SSL and TLS essentials securing the Web. New York: Wiley. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0-471-38354-3" title="Special:BookSources/978-0-471-38354-3"><bdi>978-0-471-38354-3</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=SSL+and+TLS+essentials+securing+the+Web&rft.place=New+York&rft.pub=Wiley&rft.date=2000&rft.isbn=978-0-471-38354-3&rft.au=Stephen+A.+Thomas&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFBard2006" class="citation journal cs1">Bard, Gregory (2006). <a rel="nofollow" class="external text" href="http://eprint.iacr.org/2006/136">"A Challenging But Feasible Blockwise-Adaptive Chosen-Plaintext Attack on SSL"</a>. International Association for Cryptologic Research (136). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20110923202258/http://eprint.iacr.org/2006/136">Archived</a> from the original on 2011-09-23. Retrieved 2011-09-23.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=International+Association+for+Cryptologic+Research&rft.atitle=A+Challenging+But+Feasible+Blockwise-Adaptive+Chosen-Plaintext+Attack+on+SSL&rft.issue=136&rft.date=2006&rft.aulast=Bard&rft.aufirst=Gregory&rft_id=http%3A%2F%2Feprint.iacr.org%2F2006%2F136&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFCanvel" class="citation web cs1">Canvel, Brice. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20160420233852/http://lasecwww.epfl.ch/memo/memo_ssl.shtml">"Password Interception in a SSL/TLS Channel"</a>. Archived from <a rel="nofollow" class="external text" href="http://lasecwww.epfl.ch/memo/memo_ssl.shtml">the original</a> on 2016-04-20. Retrieved 2007-04-20.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Password+Interception+in+a+SSL%2FTLS+Channel&rft.aulast=Canvel&rft.aufirst=Brice&rft_id=http%3A%2F%2Flasecwww.epfl.ch%2Fmemo%2Fmemo_ssl.shtml&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite class="citation cs1">RFC of change for TLS Renegotiation. 2010. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.17487%2FRFC5746">10.17487/RFC5746</a>. <a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://tools.ietf.org/html/rfc5746">5746</a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=RFC+of+change+for+TLS+Renegotiation&rft.date=2010&rft_id=info%3Adoi%2F10.17487%2FRFC5746&rft_id=https%3A%2F%2Ftools.ietf.org%2Fhtml%2Frfc5746%23id-name%3DRFC&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><a rel="nofollow" class="external text" href="http://www.linuxjournal.com/article/9916">Creating VPNs with IPsec and SSL/TLS</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20150412014613/http://www.linuxjournal.com/article/9916">Archived</a> 2015-04-12 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a> Linux Journal article by Rami Rosen</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFJoshua_Davies2010" class="citation book cs1">Joshua Davies (2010). Implementing SSL/TLS. Wiley. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-0470920411" title="Special:BookSources/978-0470920411"><bdi>978-0470920411</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Implementing+SSL%2FTLS&rft.pub=Wiley&rft.date=2010&rft.isbn=978-0470920411&rft.au=Joshua+Davies&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFPolk,_TimMcKay,_KerryChokhani,_Santosh2014" class="citation web cs1">Polk, Tim; McKay, Kerry; Chokhani, Santosh (April 2014). <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140508025330/http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf">"Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations"</a> (PDF). National Institute of Standards and Technology. Archived from <a rel="nofollow" class="external text" href="http://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-52r1.pdf">the original</a> (PDF) on 2014-05-08. Retrieved 2014-05-07.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=unknown&rft.btitle=Guidelines+for+the+Selection%2C+Configuration%2C+and+Use+of+Transport+Layer+Security+%28TLS%29+Implementations&rft.pub=National+Institute+of+Standards+and+Technology&rft.date=2014-04&rft.au=Polk%2C+Tim&rft.au=McKay%2C+Kerry&rft.au=Chokhani%2C+Santosh&rft_id=http%3A%2F%2Fnvlpubs.nist.gov%2Fnistpubs%2FSpecialPublications%2FNIST.SP.800-52r1.pdf&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFAbdouvan_Oorschot2017" class="citation journal cs1">Abdou, AbdelRahman; van Oorschot, Paul (August 2017). <a rel="nofollow" class="external text" href="https://dl.acm.org/citation.cfm?id=3139294">"Server Location Verification (SLV) and Server Location Pinning: Augmenting TLS Authentication"</a>. ACM Transactions on Privacy and Security. 21 (1): 1:1–1:26. <a href="/wiki/Doi_(identifier)" class="mw-redirect" title="Doi (identifier)">doi</a>:<a rel="nofollow" class="external text" href="https://doi.org/10.1145%2F3139294">10.1145/3139294</a>. <a href="/wiki/S2CID_(identifier)" class="mw-redirect" title="S2CID (identifier)">S2CID</a> <a rel="nofollow" class="external text" href="https://api.semanticscholar.org/CorpusID:5869541">5869541</a>. <a rel="nofollow" class="external text" href="https://web.archive.org/web/20190322145042/https://dl.acm.org/citation.cfm?id=3139294">Archived</a> from the original on 2019-03-22. Retrieved 2018-01-11.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Ajournal&rft.genre=article&rft.jtitle=ACM+Transactions+on+Privacy+and+Security&rft.atitle=Server+Location+Verification+%28SLV%29+and+Server+Location+Pinning%3A+Augmenting+TLS+Authentication&rft.volume=21&rft.issue=1&rft.pages=1%3A1-1%3A26&rft.date=2017-08&rft_id=info%3Adoi%2F10.1145%2F3139294&rft_id=https%3A%2F%2Fapi.semanticscholar.org%2FCorpusID%3A5869541%23id-name%3DS2CID&rft.aulast=Abdou&rft.aufirst=AbdelRahman&rft.au=van+Oorschot%2C+Paul&rft_id=https%3A%2F%2Fdl.acm.org%2Fcitation.cfm%3Fid%3D3139294&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><cite id="CITEREFIvan_Ristic2022" class="citation book cs1">Ivan Ristic (2022). Bulletproof TLS and PKI, Second Edition. Feisty Duck. <a href="/wiki/ISBN_(identifier)" class="mw-redirect" title="ISBN (identifier)">ISBN</a> <a href="/wiki/Special:BookSources/978-1907117091" title="Special:BookSources/978-1907117091"><bdi>978-1907117091</bdi></a>.</cite><span title="ctx_ver=Z39.88-2004&rft_val_fmt=info%3Aofi%2Ffmt%3Akev%3Amtx%3Abook&rft.genre=book&rft.btitle=Bulletproof+TLS+and+PKI%2C+Second+Edition&rft.pub=Feisty+Duck&rft.date=2022&rft.isbn=978-1907117091&rft.au=Ivan+Ristic&rfr_id=info%3Asid%2Fen.wikipedia.org%3ATransport+Layer+Security" class="Z3988"></li></ul> <div class="mw-heading mw-heading3"><h3 id="Primary_standards">Primary standards</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=59" title="Edit section: Primary standards">edit</a>]</div> The current approved version of (D)TLS is version 1.3, which are specified in: <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc8446">8446</a>: "The Transport Layer Security (TLS) Protocol Version 1.3".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9147">9147</a>: "The Datagram Transport Layer Security (DTLS) Protocol Version 1.3"</li></ul> The current standards replaces these former versions, which are now considered obsolete: <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5246">5246</a>: "The Transport Layer Security (TLS) Protocol Version 1.2".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6347">6347</a>: "Datagram Transport Layer Security Version 1.2"</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4346">4346</a>: "The Transport Layer Security (TLS) Protocol Version 1.1".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4347">4347</a>" "Datagram Transport Layer Security"</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2246">2246</a>: "The TLS Protocol Version 1.0".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6101">6101</a>: "The Secure Sockets Layer (SSL) Protocol Version 3.0".</li> <li><a rel="nofollow" class="external text" href="//tools.ietf.org/html/draft-hickman-netscape-ssl-00">Internet Draft (1995)</a>: "The SSL Protocol"</li></ul> <div class="mw-heading mw-heading3"><h3 id="Extensions">Extensions</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=60" title="Edit section: Extensions">edit</a>]</div> Other <a href="/wiki/Request_for_Comments" title="Request for Comments">RFCs</a> subsequently extended (D)TLS. Extensions to (D)TLS 1.3 include: <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9367">9367</a>: "GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.3".</li></ul> Extensions to (D)TLS 1.2 include: <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5288">5288</a>: "AES <a href="/wiki/Galois/Counter_Mode" title="Galois/Counter Mode">Galois Counter Mode</a> (GCM) Cipher Suites for TLS".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5289">5289</a>: "TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5746">5746</a>: "Transport Layer Security (TLS) Renegotiation Indication Extension".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5878">5878</a>: "Transport Layer Security (TLS) Authorization Extensions".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5932">5932</a>: "Camellia Cipher Suites for TLS"</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6066">6066</a>: "Transport Layer Security (TLS) Extensions: Extension Definitions", includes <a href="/wiki/Server_Name_Indication" title="Server Name Indication">Server Name Indication</a> and <a href="/wiki/OCSP_stapling" title="OCSP stapling">OCSP stapling</a>.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6091">6091</a>: "Using <a href="/wiki/OpenPGP" class="mw-redirect" title="OpenPGP">OpenPGP</a> Keys for Transport Layer Security (TLS) Authentication".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6176">6176</a>: "Prohibiting Secure Sockets Layer (SSL) Version 2.0".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6209">6209</a>: "Addition of the <a href="/wiki/ARIA_(cipher)" title="ARIA (cipher)">ARIA</a> Cipher Suites to Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6347">6347</a>: "Datagram Transport Layer Security Version 1.2".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6367">6367</a>: "Addition of the Camellia Cipher Suites to Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6460">6460</a>: "Suite B Profile for Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6655">6655</a>: "AES-CCM Cipher Suites for Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7027">7027</a>: "Elliptic Curve Cryptography (ECC) Brainpool Curves for Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7251">7251</a>: "AES-CCM Elliptic Curve Cryptography (ECC) Cipher Suites for TLS".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7301">7301</a>: "Transport Layer Security (TLS) <a href="/wiki/Application-Layer_Protocol_Negotiation" title="Application-Layer Protocol Negotiation">Application-Layer Protocol Negotiation</a> Extension".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7366">7366</a>: "Encrypt-then-MAC for Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7465">7465</a>: "Prohibiting RC4 Cipher Suites".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7507">7507</a>: "TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7568">7568</a>: "Deprecating Secure Sockets Layer Version 3.0".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7627">7627</a>: "Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7685">7685</a>: "A Transport Layer Security (TLS) ClientHello Padding Extension".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc9189">9189</a>: "GOST Cipher Suites for Transport Layer Security (TLS) Protocol Version 1.2".</li></ul> Extensions to (D)TLS 1.1 include: <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4366">4366</a>: "Transport Layer Security (TLS) Extensions" describes both a set of specific extensions and a generic extension mechanism.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4492">4492</a>: "<a href="/wiki/Elliptic_Curve_Cryptography" class="mw-redirect" title="Elliptic Curve Cryptography">Elliptic Curve Cryptography</a> (ECC) Cipher Suites for Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4680">4680</a>: "TLS Handshake Message for Supplemental Data".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4681">4681</a>: "TLS User Mapping Extension".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4785">4785</a>: "Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5054">5054</a>: "Using the <a href="/wiki/Secure_Remote_Password_protocol" title="Secure Remote Password protocol">Secure Remote Password</a> (SRP) Protocol for TLS Authentication". Defines the <a href="/wiki/TLS-SRP" title="TLS-SRP">TLS-SRP</a> ciphersuites.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5077">5077</a>: "Transport Layer Security (TLS) Session Resumption without Server-Side State".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5081">5081</a>: "Using <a href="/wiki/OpenPGP" class="mw-redirect" title="OpenPGP">OpenPGP</a> Keys for Transport Layer Security (TLS) Authentication", obsoleted by <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc6091">6091</a>.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc5216">5216</a>: "The <a href="/wiki/Extensible_Authentication_Protocol" title="Extensible Authentication Protocol">EAP</a>-TLS Authentication Protocol"</li></ul> Extensions to TLS 1.0 include: <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2595">2595</a>: "Using TLS with IMAP, POP3 and ACAP". Specifies an extension to the IMAP, POP3 and ACAP services that allow the server and client to use transport-layer security to provide private, authenticated communication over the Internet.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2712">2712</a>: "Addition of <a href="/wiki/Kerberos_(protocol)" title="Kerberos (protocol)">Kerberos</a> Cipher Suites to Transport Layer Security (TLS)". The 40-bit cipher suites defined in this memo appear only for the purpose of documenting the fact that those cipher suite codes have already been assigned.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2817">2817</a>: "Upgrading to TLS Within HTTP/1.1", explains how to use the <a href="/wiki/HTTP/1.1_Upgrade_header" title="HTTP/1.1 Upgrade header">Upgrade mechanism in HTTP/1.1</a> to initiate Transport Layer Security (TLS) over an existing TCP connection. This allows unsecured and secured HTTP traffic to share the same well known port (in this case, http: at 80 rather than https: at 443).</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc2818">2818</a>: "HTTP Over TLS", distinguishes secured traffic from insecure traffic by the use of a different 'server port'.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3207">3207</a>: "SMTP Service Extension for Secure SMTP over Transport Layer Security". Specifies an extension to the SMTP service that allows an SMTP server and client to use transport-layer security to provide private, authenticated communication over the Internet.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3268">3268</a>: "AES Ciphersuites for TLS". Adds <a href="/wiki/Advanced_Encryption_Standard" title="Advanced Encryption Standard">Advanced Encryption Standard</a> (AES) cipher suites to the previously existing symmetric ciphers.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3546">3546</a>: "Transport Layer Security (TLS) Extensions", adds a mechanism for negotiating protocol extensions during session initialisation and defines some extensions. Made obsolete by <link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4366">4366</a>.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3749">3749</a>: "Transport Layer Security Protocol Compression Methods", specifies the framework for compression methods and the <a href="/wiki/DEFLATE" class="mw-redirect" title="DEFLATE">DEFLATE</a> compression method.</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc3943">3943</a>: "Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4132">4132</a>: "Addition of <a href="/wiki/Camellia_(cipher)" title="Camellia (cipher)">Camellia</a> Cipher Suites to Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4162">4162</a>: "Addition of <a href="/wiki/SEED" title="SEED">SEED</a> Cipher Suites to Transport Layer Security (TLS)".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4217">4217</a>: "Securing <a href="/wiki/FTPS" title="FTPS">FTP with TLS</a>".</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc4279">4279</a>: "Pre-Shared Key Ciphersuites for Transport Layer Security (TLS)", adds three sets of new cipher suites for the TLS protocol to support authentication based on pre-shared keys.</li></ul> <div class="mw-heading mw-heading3"><h3 id="Informational_RFCs">Informational RFCs</h3>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=61" title="Edit section: Informational RFCs">edit</a>]</div> <ul><li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7457">7457</a>: "Summarizing Known Attacks on Transport Layer Security (TLS) and Datagram TLS (DTLS)"</li> <li><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1238218222"><a href="/wiki/RFC_(identifier)" class="mw-redirect" title="RFC (identifier)">RFC</a> <a rel="nofollow" class="external text" href="https://datatracker.ietf.org/doc/html/rfc7525">7525</a>: "Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS)"</li></ul> <div class="mw-heading mw-heading2"><h2 id="External_links">External links</h2>[<a href="/w/index.php?title=Transport_Layer_Security&action=edit&section=62" title="Edit section: External links">edit</a>]</div> <ul><li><a rel="nofollow" class="external text" href="https://datatracker.ietf.org/wg/tls">Internet Engineering Task Force – TLS Workgroup</a> <a rel="nofollow" class="external text" href="https://web.archive.org/web/20140111193101/http://datatracker.ietf.org/wg/tls/">Archived</a> 2014-01-11 at the <a href="/wiki/Wayback_Machine" title="Wayback Machine">Wayback Machine</a></li></ul> <div class="navbox-styles"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><style data-mw-deduplicate="TemplateStyles:r1236075235">.mw-parser-output .navbox{box-sizing:border-box;border:1px solid #a2a9b1;width:100%;clear:both;font-size:88%;text-align:center;padding:1px;margin:1em auto 0}.mw-parser-output .navbox .navbox{margin-top:0}.mw-parser-output .navbox+.navbox,.mw-parser-output .navbox+.navbox-styles+.navbox{margin-top:-1px}.mw-parser-output .navbox-inner,.mw-parser-output .navbox-subgroup{width:100%}.mw-parser-output .navbox-group,.mw-parser-output .navbox-title,.mw-parser-output .navbox-abovebelow{padding:0.25em 1em;line-height:1.5em;text-align:center}.mw-parser-output .navbox-group{white-space:nowrap;text-align:right}.mw-parser-output .navbox,.mw-parser-output .navbox-subgroup{background-color:#fdfdfd}.mw-parser-output .navbox-list{line-height:1.5em;border-color:#fdfdfd}.mw-parser-output .navbox-list-with-group{text-align:left;border-left-width:2px;border-left-style:solid}.mw-parser-output tr+tr>.navbox-abovebelow,.mw-parser-output tr+tr>.navbox-group,.mw-parser-output tr+tr>.navbox-image,.mw-parser-output tr+tr>.navbox-list{border-top:2px solid #fdfdfd}.mw-parser-output .navbox-title{background-color:#ccf}.mw-parser-output .navbox-abovebelow,.mw-parser-output .navbox-group,.mw-parser-output .navbox-subgroup .navbox-title{background-color:#ddf}.mw-parser-output .navbox-subgroup .navbox-group,.mw-parser-output .navbox-subgroup .navbox-abovebelow{background-color:#e6e6ff}.mw-parser-output .navbox-even{background-color:#f7f7f7}.mw-parser-output .navbox-odd{background-color:transparent}.mw-parser-output .navbox .hlist td dl,.mw-parser-output .navbox .hlist td ol,.mw-parser-output .navbox .hlist td ul,.mw-parser-output .navbox td.hlist dl,.mw-parser-output .navbox td.hlist ol,.mw-parser-output .navbox td.hlist ul{padding:0.125em 0}.mw-parser-output .navbox .navbar{display:block;font-size:100%}.mw-parser-output .navbox-title .navbar{float:left;text-align:left;margin-right:0.5em}body.skin--responsive .mw-parser-output .navbox-image img{max-width:none!important}@media print{body.ns-0 .mw-parser-output .navbox{display:none!important}}</style></div><div role="navigation" class="navbox" aria-labelledby="TLS_and_SSL" style="padding:3px"><table class="nowraplinks mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239400231"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:TLS/SSL" title="Template:TLS/SSL"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:TLS/SSL" title="Template talk:TLS/SSL"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:TLS/SSL" title="Special:EditPage/Template:TLS/SSL"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="TLS_and_SSL" style="font-size:114%;margin:0 4em"><a class="mw-selflink selflink">TLS and SSL</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%">Protocols and technologies</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a class="mw-selflink selflink">Transport Layer Security / Secure Sockets Layer</a> (TLS/SSL)</li> <li><a href="/wiki/Datagram_Transport_Layer_Security" title="Datagram Transport Layer Security">Datagram Transport Layer Security</a> (DTLS)</li> <li><a href="/wiki/Server_Name_Indication" title="Server Name Indication">Server Name Indication</a> (SNI)</li> <li><a href="/wiki/Application-Layer_Protocol_Negotiation" title="Application-Layer Protocol Negotiation">Application-Layer Protocol Negotiation</a> (ALPN)</li> <li><a href="/wiki/DNS-based_Authentication_of_Named_Entities" title="DNS-based Authentication of Named Entities">DNS-based Authentication of Named Entities</a> (DANE)</li> <li><a href="/wiki/DNS_Certification_Authority_Authorization" title="DNS Certification Authority Authorization">DNS Certification Authority Authorization</a> (CAA)</li> <li><a href="/wiki/HTTPS" title="HTTPS">HTTPS</a></li> <li><a href="/wiki/HTTP_Strict_Transport_Security" title="HTTP Strict Transport Security">HTTP Strict Transport Security</a> (HSTS)</li> <li><a href="/wiki/HTTP_Public_Key_Pinning" title="HTTP Public Key Pinning">HTTP Public Key Pinning</a> (HPKP)</li> <li><a href="/wiki/OCSP_stapling" title="OCSP stapling">OCSP stapling</a></li> <li><a href="/wiki/Opportunistic_TLS" title="Opportunistic TLS">Opportunistic TLS</a></li> <li><a href="/wiki/Forward_secrecy" title="Forward secrecy">Perfect forward secrecy</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Public-key infrastructure</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Automated_Certificate_Management_Environment" class="mw-redirect" title="Automated Certificate Management Environment">Automated Certificate Management Environment</a> (ACME)</li> <li><a href="/wiki/Certificate_authority" title="Certificate authority">Certificate authority</a> (CA)</li> <li><a href="/wiki/CA/Browser_Forum" title="CA/Browser Forum">CA/Browser Forum</a></li> <li><a href="/wiki/Certificate_policy" title="Certificate policy">Certificate policy</a></li> <li><a href="/wiki/Certificate_revocation" title="Certificate revocation">Certificate revocation</a> <ul><li><a href="/wiki/Certificate_revocation_list" title="Certificate revocation list">Certificate revocation list</a> (CRL)</li> <li><a href="/wiki/Online_Certificate_Status_Protocol" title="Online Certificate Status Protocol">Online Certificate Status Protocol</a> (OCSP)</li> <li><a href="/wiki/OCSP_stapling" title="OCSP stapling">OCSP stapling</a></li></ul></li> <li><a href="/wiki/Domain-validated_certificate" title="Domain-validated certificate">Domain-validated certificate</a> (DV)</li> <li><a href="/wiki/Extended_Validation_Certificate" title="Extended Validation Certificate">Extended Validation Certificate</a> (EV)</li> <li><a href="/wiki/Public_key_certificate" title="Public key certificate">Public key certificate</a></li> <li><a href="/wiki/Public-key_cryptography" title="Public-key cryptography">Public-key cryptography</a></li> <li><a href="/wiki/Public_key_infrastructure" title="Public key infrastructure">Public key infrastructure</a> (PKI)</li> <li><a href="/wiki/Root_certificate" title="Root certificate">Root certificate</a></li> <li><a href="/wiki/Self-signed_certificate" title="Self-signed certificate">Self-signed certificate</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">See also</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Domain_Name_System_Security_Extensions" title="Domain Name System Security Extensions">Domain Name System Security Extensions</a> (DNSSEC)</li> <li><a href="/wiki/Internet_Protocol_Security" class="mw-redirect" title="Internet Protocol Security">Internet Protocol Security</a> (IPsec)</li> <li><a href="/wiki/Secure_Shell" title="Secure Shell">Secure Shell</a> (SSH)</li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">History</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Export_of_cryptography_from_the_United_States" title="Export of cryptography from the United States">Export of cryptography from the United States</a></li> <li><a href="/wiki/Server-Gated_Cryptography" title="Server-Gated Cryptography">Server-Gated Cryptography</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Comparison_of_TLS_implementations" title="Comparison of TLS implementations">Implementations</a></th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Bouncy_Castle_(cryptography)" title="Bouncy Castle (cryptography)">Bouncy Castle</a></li> <li><a href="/wiki/BoringSSL" class="mw-redirect" title="BoringSSL">BoringSSL</a></li> <li><a href="/wiki/Botan_(programming_library)" title="Botan (programming library)">Botan</a></li> <li><a href="/wiki/BSAFE" title="BSAFE">BSAFE</a></li> <li><a href="/wiki/Cryptlib" title="Cryptlib">cryptlib</a></li> <li><a href="/wiki/GnuTLS" title="GnuTLS">GnuTLS</a></li> <li><a href="/wiki/Java_Secure_Socket_Extension" title="Java Secure Socket Extension">JSSE</a></li> <li><a href="/wiki/LibreSSL" title="LibreSSL">LibreSSL</a></li> <li><a href="/wiki/MatrixSSL" title="MatrixSSL">MatrixSSL</a></li> <li><a href="/wiki/Mbed_TLS" title="Mbed TLS">mbed TLS</a></li> <li><a href="/wiki/Network_Security_Services" title="Network Security Services">NSS</a></li> <li><a href="/wiki/OpenSSL" title="OpenSSL">OpenSSL</a></li> <li><a href="/wiki/Rustls" title="Rustls">Rustls</a></li> <li><a href="/wiki/S2n-tls" title="S2n-tls">s2n-tls</a></li> <li><a href="/wiki/Security_Support_Provider_Interface" title="Security Support Provider Interface">SChannel</a></li> <li><a href="/wiki/SSLeay" title="SSLeay">SSLeay</a></li> <li><a href="/wiki/Stunnel" title="Stunnel">stunnel</a></li> <li><a href="/wiki/WolfSSL" title="WolfSSL">wolfSSL</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Notaries</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Certificate_Transparency" title="Certificate Transparency">Certificate Transparency</a></li> <li><a href="/wiki/Convergence_(SSL)" title="Convergence (SSL)">Convergence</a></li> <li><a href="/wiki/HTTPS_Everywhere" title="HTTPS Everywhere">HTTPS Everywhere</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Vulnerabilities</th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%">Theory</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Man-in-the-middle_attack" title="Man-in-the-middle attack">Man-in-the-middle attack</a></li> <li><a href="/wiki/Padding_oracle_attack" title="Padding oracle attack">Padding oracle attack</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Cipher</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Bar_mitzvah_attack" title="Bar mitzvah attack">Bar mitzvah attack</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Protocol</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/BEAST_(security_exploit)" class="mw-redirect" title="BEAST (security exploit)">BEAST</a></li> <li><a href="/wiki/BREACH" title="BREACH">BREACH</a></li> <li><a href="/wiki/CRIME" title="CRIME">CRIME</a></li> <li><a href="/wiki/DROWN_attack" title="DROWN attack">DROWN</a></li> <li><a href="/wiki/Logjam_(computer_security)" title="Logjam (computer security)">Logjam</a></li> <li><a href="/wiki/POODLE" title="POODLE">POODLE</a> (in regards to SSL 3.0)</li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Implementation</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Certificate_authority_compromise" class="mw-redirect" title="Certificate authority compromise">Certificate authority compromise</a></li> <li><a href="/wiki/Random_number_generator_attack" title="Random number generator attack">Random number generator attacks</a></li> <li><a href="/wiki/FREAK" title="FREAK">FREAK</a></li> <li><a href="/wiki/Goto_fail" class="mw-redirect" title="Goto fail">goto fail</a></li> <li><a href="/wiki/Heartbleed" title="Heartbleed">Heartbleed</a></li> <li><a href="/wiki/Lucky_Thirteen_attack" title="Lucky Thirteen attack">Lucky Thirteen attack</a></li> <li><a href="/wiki/POODLE" title="POODLE">POODLE</a> (in regards to TLS 1.0)</li> <li><a href="/wiki/Kazakhstan_man-in-the-middle_attack" title="Kazakhstan man-in-the-middle attack">Kazakhstan MITM attack</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table></div> <div class="navbox-styles"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236075235"></div><div role="navigation" class="navbox" aria-labelledby="Virtual_private_networking" style="padding:3px"><table class="nowraplinks mw-collapsible expanded navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239400231"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Virtual_private_network" title="Template:Virtual private network"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Virtual_private_network" title="Template talk:Virtual private network"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Virtual_private_network" title="Special:EditPage/Template:Virtual private network"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Virtual_private_networking" style="font-size:114%;margin:0 4em"><a href="/wiki/Virtual_private_network" title="Virtual private network">Virtual private networking</a></div></th></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Communication_protocol" title="Communication protocol">Communication protocols</a></th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Datagram_Transport_Layer_Security" title="Datagram Transport Layer Security">DTLS</a></li> <li><a href="/wiki/DirectAccess" title="DirectAccess">DirectAccess</a></li> <li><a href="/wiki/Ethernet_VPN" title="Ethernet VPN">EVPN</a></li> <li><a href="/wiki/IPsec" title="IPsec">IPsec</a></li> <li><a href="/wiki/Layer_2_Forwarding_Protocol" title="Layer 2 Forwarding Protocol">L2F</a></li> <li><a href="/wiki/Layer_2_Tunneling_Protocol" title="Layer 2 Tunneling Protocol">L2TP</a></li> <li><a href="/wiki/L2TPv3" title="L2TPv3">L2TPv3</a></li> <li><a href="/wiki/Point-to-Point_Tunneling_Protocol" title="Point-to-Point Tunneling Protocol">PPTP</a></li> <li><a href="/wiki/Secure_Socket_Tunneling_Protocol" title="Secure Socket Tunneling Protocol">SSTP</a></li> <li><a href="/wiki/Split_tunneling" title="Split tunneling">Split tunneling</a></li> <li><a class="mw-selflink selflink">SSL/TLS</a></li> <li>(<a href="/wiki/Opportunistic_encryption" title="Opportunistic encryption">Opportunistic</a>: <a href="/wiki/Tcpcrypt" title="Tcpcrypt">tcpcrypt</a>)</li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Connection applications</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/FreeLAN" title="FreeLAN">FreeLAN</a></li> <li><a href="/wiki/FreeS/WAN" title="FreeS/WAN">FreeS/WAN</a></li> <li><a href="/wiki/Libreswan" title="Libreswan">Libreswan</a></li> <li><a href="/wiki/N2n" title="N2n">n2n</a></li> <li><a href="/wiki/OpenConnect" title="OpenConnect">OpenConnect</a></li> <li><a href="/wiki/OpenIKED" title="OpenIKED">OpenIKED</a></li> <li><a href="/wiki/Openswan" title="Openswan">Openswan</a></li> <li><a href="/wiki/OpenVPN" title="OpenVPN">OpenVPN</a></li> <li><a href="/wiki/Social_VPN" title="Social VPN">Social VPN</a></li> <li><a href="/wiki/SoftEther_VPN" title="SoftEther VPN">SoftEther VPN</a></li> <li><a href="/wiki/StrongSwan" title="StrongSwan">strongSwan</a></li> <li><a href="/wiki/Tcpcrypt" title="Tcpcrypt">tcpcrypt</a></li> <li><a href="/wiki/Tinc_(protocol)" title="Tinc (protocol)">tinc</a></li> <li><a href="/wiki/VTun" title="VTun">VTun</a></li> <li><a href="/wiki/WireGuard" title="WireGuard">WireGuard</a></li> <li><a href="/wiki/Shadowsocks" title="Shadowsocks">Shadowsocks</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Enterprise_software" title="Enterprise software">Enterprise software</a></th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Avast_SecureLine_VPN" title="Avast SecureLine VPN">Avast SecureLine VPN</a></li> <li><a href="/wiki/Check_Point_VPN-1" class="mw-redirect" title="Check Point VPN-1">Check Point VPN-1</a></li> <li><a href="/wiki/LogMeIn_Hamachi" title="LogMeIn Hamachi">LogMeIn Hamachi</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Risk vectors</th><td class="navbox-list-with-group navbox-list navbox-even hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Content-control_software" class="mw-redirect" title="Content-control software">Content-control software</a></li> <li><a href="/wiki/Deep_content_inspection" title="Deep content inspection">Deep content inspection</a></li> <li><a href="/wiki/Deep_packet_inspection" title="Deep packet inspection">Deep packet inspection</a></li> <li><a href="/wiki/IP_address_blocking" title="IP address blocking">IP address blocking</a></li> <li><a href="/wiki/Network_enumeration" title="Network enumeration">Network enumeration</a></li> <li><a href="/wiki/Stateful_firewall" title="Stateful firewall">Stateful firewall</a></li> <li><a href="/wiki/TCP_reset_attack" title="TCP reset attack">TCP reset attack</a></li> <li><a href="/wiki/VPN_blocking" title="VPN blocking">VPN blocking</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/VPN_service" title="VPN service">VPN Services</a></th><td class="navbox-list-with-group navbox-list navbox-odd hlist" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:10em"><a href="/wiki/Avast" title="Avast">Avast</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/HMA_(VPN)" title="HMA (VPN)">HMA</a></li> <li><a href="/wiki/Avast_SecureLine_VPN" title="Avast SecureLine VPN">SecureLine</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:10em"><a href="/wiki/Kape_Technologies" class="mw-redirect" title="Kape Technologies">Kape Technologies</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="padding:0"><div style="padding:0 0.25em"> <ul><li>CyberGhost</li> <li><a href="/wiki/ExpressVPN" title="ExpressVPN">ExpressVPN</a></li> <li><a href="/wiki/Private_Internet_Access" title="Private Internet Access">Private Internet Access</a></li> <li>Zenmate</li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:10em"><a href="/wiki/McAfee" title="McAfee">McAfee</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/TunnelBear" title="TunnelBear">TunnelBear</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:10em">Tesonet</th><td class="navbox-list-with-group navbox-list navbox-even" style="padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/NordVPN" title="NordVPN">NordVPN</a></li> <li><a href="/wiki/NordLayer" title="NordLayer">NordLayer</a></li> <li><a href="/wiki/Surfshark" class="mw-redirect" title="Surfshark">Surfshark</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:10em"><a href="/wiki/Ziff_Davis" title="Ziff Davis">Ziff Davis</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/IPVanish" title="IPVanish">IPVanish</a></li> <li><a href="/wiki/StrongVPN" class="mw-redirect" title="StrongVPN">StrongVPN</a></li></ul> </div></td></tr></tbody></table><div> <ul><li><a href="/wiki/Hola_(VPN)" title="Hola (VPN)">Hola</a></li> <li><a href="/wiki/IVPN" title="IVPN">IVPN</a></li> <li><a href="/wiki/Mozilla_VPN" title="Mozilla VPN">Mozilla VPN</a></li> <li><a href="/wiki/Mullvad" title="Mullvad">Mullvad</a></li> <li><a href="/wiki/PrivadoVPN" title="PrivadoVPN">PrivadoVPN</a></li> <li><a href="/wiki/Proton_VPN" title="Proton VPN">Proton VPN</a></li> <li><a href="/wiki/PureVPN" title="PureVPN">PureVPN</a></li> <li><a href="/wiki/SaferVPN" title="SaferVPN">SaferVPN</a></li> <li><a href="/wiki/Windscribe" title="Windscribe">Windscribe</a></li></ul></div></td></tr></tbody></table></div> <div class="navbox-styles"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1236075235"></div><div role="navigation" class="navbox" aria-labelledby="Web_browsers" style="padding:3px"><table class="nowraplinks hlist mw-collapsible autocollapse navbox-inner" style="border-spacing:0;background:transparent;color:inherit"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1129693374"><link rel="mw-deduplicated-inline-style" href="mw-data:TemplateStyles:r1239400231"><div class="navbar plainlinks hlist navbar-mini"><ul><li class="nv-view"><a href="/wiki/Template:Web_browsers" title="Template:Web browsers"><abbr title="View this template">v</abbr></a></li><li class="nv-talk"><a href="/wiki/Template_talk:Web_browsers" title="Template talk:Web browsers"><abbr title="Discuss this template">t</abbr></a></li><li class="nv-edit"><a href="/wiki/Special:EditPage/Template:Web_browsers" title="Special:EditPage/Template:Web browsers"><abbr title="Edit this template">e</abbr></a></li></ul></div><div id="Web_browsers" style="font-size:114%;margin:0 4em"><a href="/wiki/Web_browser" title="Web browser">Web browsers</a></div></th></tr><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks mw-collapsible mw-collapsed navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><div id="*_Features_*_standards_*_protocols" style="font-size:114%;margin:0 4em"> <ul><li>Features</li> <li>standards</li> <li>protocols</li></ul> </div></th></tr><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%">Features</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Bookmark_(digital)" title="Bookmark (digital)">Bookmarks</a></li> <li><a href="/wiki/Browser_extension" title="Browser extension">Extensions</a></li> <li><a href="/wiki/Private_browsing" title="Private browsing">Privacy mode</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Web_standards" title="Web standards">Web standards</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/HTML" title="HTML">HTML</a> <ul><li><a href="/wiki/HTML5" title="HTML5">v5</a></li></ul></li> <li><a href="/wiki/CSS" title="CSS">CSS</a></li> <li><a href="/wiki/Document_Object_Model" title="Document Object Model">DOM</a></li> <li><a href="/wiki/JavaScript" title="JavaScript">JavaScript</a> <ul><li><a href="/wiki/WebAssembly" title="WebAssembly">WebAssembly</a></li> <li><a href="/wiki/Web_storage" title="Web storage">Web storage</a></li> <li><a href="/wiki/Indexed_Database_API" title="Indexed Database API">IndexedDB</a></li> <li><a href="/wiki/WebGL" title="WebGL">WebGL</a></li> <li><a href="/wiki/WebGPU" title="WebGPU">WebGPU</a></li></ul></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Protocols</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/HTTP" title="HTTP">HTTP</a> <ul><li><a href="/wiki/HTTPS" title="HTTPS">Encryption</a></li> <li><a href="/wiki/HTTP_cookie" title="HTTP cookie">Cookies</a> <ul><li><a href="/wiki/Third-party_cookies" title="Third-party cookies">third-party</a></li></ul></li></ul></li> <li><a href="/wiki/Online_Certificate_Status_Protocol" title="Online Certificate Status Protocol">OCSP</a></li> <li><a href="/wiki/WebRTC" title="WebRTC">WebRTC</a></li> <li><a href="/wiki/WebSocket" title="WebSocket">WebSocket</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table><div></div></td></tr><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks mw-collapsible mw-collapsed navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><div id="Active" style="font-size:114%;margin:0 4em">Active</div></th></tr><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Blink_(browser_engine)" title="Blink (browser engine)">Blink</a>-based</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Proprietary_software" title="Proprietary software">Proprietary</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Google_Chrome" title="Google Chrome">Google Chrome</a></li> <li><a href="/wiki/Arc_(web_browser)" title="Arc (web browser)">Arc</a></li> <li><a href="/wiki/Avast_Secure_Browser" title="Avast Secure Browser">Avast</a></li> <li><a href="/wiki/C%E1%BB%91c_C%E1%BB%91c" title="Cốc Cốc">Coc Coc</a></li> <li><a href="/wiki/Comodo_Dragon" title="Comodo Dragon">Comodo</a></li> <li><a href="/wiki/Epic_(web_browser)" title="Epic (web browser)">Epic</a></li> <li><a href="/wiki/Maxthon" title="Maxthon">Maxthon</a></li> <li><a href="/wiki/Microsoft_Edge" title="Microsoft Edge">Microsoft Edge</a></li> <li><a href="/wiki/Opera_(web_browser)" title="Opera (web browser)">Opera</a> (<a href="/wiki/Opera_Mobile" title="Opera Mobile">Mobile</a>)</li> <li><a href="/wiki/Puffin_Browser" title="Puffin Browser">Puffin </a></li> <li><a href="/wiki/QQ_Browser" title="QQ Browser">QQ</a></li> <li><a href="/wiki/Samsung_Internet" title="Samsung Internet">Samsung</a></li> <li><a href="/wiki/Amazon_Silk" title="Amazon Silk">Silk</a></li> <li><a href="/wiki/Sleipnir_(web_browser)" title="Sleipnir (web browser)">Sleipnir</a></li> <li><a href="/wiki/SRWare_Iron" title="SRWare Iron">SRWare</a></li> <li><a href="/wiki/UC_Browser" title="UC Browser">UC</a></li> <li><a href="/wiki/Vivaldi_(web_browser)" title="Vivaldi (web browser)">Vivaldi</a></li> <li><a href="/wiki/Naver_Whale" title="Naver Whale">Whale</a></li> <li><a href="/wiki/Yandex_Browser" title="Yandex Browser">Yandex</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Free_and_Open_Source" class="mw-redirect" title="Free and Open Source">FOSS</a></th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Chromium_(web_browser)" title="Chromium (web browser)">Chromium</a></li> <li><a href="/wiki/Brave_(web_browser)" title="Brave (web browser)">Brave</a></li> <li><a href="/wiki/Dooble" title="Dooble">Dooble</a></li> <li><a href="/wiki/Falkon" title="Falkon">Falkon</a></li> <li><a href="/wiki/Otter_Browser" title="Otter Browser">Otter</a></li> <li><a href="/wiki/Supermium" title="Supermium">Supermium</a></li> <li><a href="/wiki/Ungoogled-chromium" title="Ungoogled-chromium">ungoogled</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Gecko_(software)" title="Gecko (software)">Gecko</a>-based</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Firefox" title="Firefox">Firefox</a></li> <li><a href="/wiki/Floorp" title="Floorp">Floorp</a></li> <li><a href="/wiki/GNU_IceCat" title="GNU IceCat">GNU IceCat</a></li> <li><a href="/wiki/LibreWolf" title="LibreWolf">LibreWolf</a></li> <li><a href="/wiki/Midori_(web_browser)" title="Midori (web browser)">Midori</a></li> <li><a href="/wiki/SlimBrowser" title="SlimBrowser">SlimBrowser</a></li> <li><a href="/wiki/Tor_Browser" class="mw-redirect" title="Tor Browser">Tor Browser</a></li> <li>Gecko <a href="/wiki/Fork_(software_development)" title="Fork (software development)">forks</a> <ul><li><a href="/wiki/Basilisk_(web_browser)" title="Basilisk (web browser)">Basilisk</a></li> <li><a href="/wiki/K-Meleon" title="K-Meleon">K-Meleon</a></li> <li><a href="/wiki/Pale_Moon" title="Pale Moon">Pale Moon</a></li> <li><a href="/wiki/SeaMonkey" title="SeaMonkey">SeaMonkey</a></li> <li><a href="/wiki/Waterfox" title="Waterfox">Waterfox</a></li></ul></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/WebKit" title="WebKit">WebKit</a>-based</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Safari_(web_browser)" title="Safari (web browser)">Safari</a></li> <li><a href="/wiki/GNOME_Web" title="GNOME Web">GNOME Web</a></li> <li><a href="/wiki/ICab" title="ICab">iCab</a></li> <li><a href="/wiki/Kagi_(search_engine)#Orion_Browser" title="Kagi (search engine)">Orion</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Multi-<a href="/wiki/Browser_engine" title="Browser engine">engine</a></th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/360_Secure_Browser" title="360 Secure Browser">360</a></li> <li><a href="/wiki/DuckDuckGo_Private_Browser" title="DuckDuckGo Private Browser">DuckDuckGo</a></li> <li><a href="/wiki/Konqueror" title="Konqueror">Konqueror</a></li> <li><a href="/wiki/Lunascape" title="Lunascape">Lunascape</a></li> <li><a href="/wiki/NetFront" title="NetFront">NetFront</a></li> <li><a href="/wiki/Qutebrowser" title="Qutebrowser">qutebrowser</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Other</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Eww_(web_browser)" title="Eww (web browser)">eww</a></li> <li><a href="/wiki/Flow_(web_browser)" title="Flow (web browser)">Flow</a></li> <li><a href="/wiki/Ladybird_(web_browser)" title="Ladybird (web browser)">Ladybird</a></li> <li><a href="/wiki/Links_(web_browser)" title="Links (web browser)">Links</a></li> <li><a href="/wiki/Lynx_(web_browser)" title="Lynx (web browser)">Lynx</a></li> <li><a href="/wiki/NetSurf" title="NetSurf">NetSurf</a></li> <li><a href="/wiki/Opera_Mini" title="Opera Mini">Opera Mini</a></li> <li><a href="/wiki/W3m" title="W3m">w3m</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table><div></div></td></tr><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks mw-collapsible mw-collapsed navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="col" class="navbox-title" colspan="2"><div id="Discontinued" style="font-size:114%;margin:0 4em">Discontinued</div></th></tr><tr><td colspan="2" class="navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"></div><table class="nowraplinks navbox-subgroup" style="border-spacing:0"><tbody><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Blink_(browser_engine)" title="Blink (browser engine)">Blink</a>-based</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Beaker_(web_browser)" title="Beaker (web browser)">Beaker</a></li> <li><a href="/wiki/Citrio" title="Citrio">Citrio</a></li> <li><a href="/wiki/Flock_(web_browser)" title="Flock (web browser)">Flock</a></li> <li><a href="/wiki/Redcore" title="Redcore">Redcore</a></li> <li><a href="/wiki/Rockmelt" title="Rockmelt">Rockmelt</a></li> <li><a href="/wiki/SalamWeb" title="SalamWeb">SalamWeb</a></li> <li><a href="/wiki/Sputnik_(search_engine)#Browser" title="Sputnik (search engine)">Sputnik</a></li> <li><a href="/wiki/Torch_(web_browser)" title="Torch (web browser)">Torch</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Gecko_(software)" title="Gecko (software)">Gecko</a>-based</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Beonex_Communicator" title="Beonex Communicator">Beonex</a></li> <li><a href="/wiki/Camino_(web_browser)" title="Camino (web browser)">Camino</a></li> <li><a href="/wiki/Classilla" title="Classilla">Classilla</a></li> <li><a href="/wiki/Conkeror" title="Conkeror">Conkeror</a></li> <li><a href="/wiki/Firefox_Lite" title="Firefox Lite">Firefox Lite</a></li> <li><a href="/wiki/Galeon" title="Galeon">Galeon</a></li> <li><a href="/wiki/Ghostzilla" title="Ghostzilla">Ghostzilla</a></li> <li><a href="/wiki/Comodo_IceDragon" title="Comodo IceDragon">IceDragon</a></li> <li><a href="/wiki/Kazehakase" title="Kazehakase">Kazehakase</a></li> <li><a href="/wiki/Kylo_(web_browser)" title="Kylo (web browser)">Kylo</a></li> <li><a href="/wiki/IBM_Lotus_Symphony" title="IBM Lotus Symphony">Lotus</a></li> <li><a href="/wiki/MicroB" title="MicroB">MicroB</a></li> <li><a href="/wiki/Minimo" title="Minimo">Minimo</a></li> <li><a href="/wiki/Mozilla_Application_Suite" title="Mozilla Application Suite">Mozilla suite</a></li> <li><a href="/wiki/PirateBrowser" title="PirateBrowser">PirateBrowser</a></li> <li><a href="/wiki/AT%26T_Pogo" title="AT&T Pogo">Pogo</a></li> <li><a href="/wiki/Kirix_Strata" title="Kirix Strata">Strata</a></li> <li><a href="/wiki/Swiftfox" title="Swiftfox">Swiftfox</a></li> <li><a href="/wiki/Swiftweasel" title="Swiftweasel">Swiftweasel</a></li> <li><a href="/wiki/TenFourFox" class="mw-redirect" title="TenFourFox">TenFourFox</a></li> <li><a href="/wiki/Timberwolf_(web_browser)" title="Timberwolf (web browser)">Timberwolf</a></li> <li><a href="/wiki/XB_Browser" title="XB Browser">xB</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/Trident_(software)" title="Trident (software)">MSHTML</a>-based</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Internet_Explorer" title="Internet Explorer">Internet Explorer</a></li> <li><a href="/wiki/AOL_Explorer" title="AOL Explorer">AOL</a></li> <li><a href="/wiki/Deepnet_Explorer" title="Deepnet Explorer">Deepnet</a></li> <li><a href="/wiki/GreenBrowser" title="GreenBrowser">GreenBrowser</a></li> <li><a href="/wiki/MediaBrowser" title="MediaBrowser">MediaBrowser</a></li> <li><a href="/wiki/NeoPlanet" title="NeoPlanet">NeoPlanet</a></li> <li><a href="/wiki/NetCaptor" title="NetCaptor">NetCaptor</a></li> <li><a href="/wiki/SpaceTime_(software)#SpaceTime_Browser" title="SpaceTime (software)">SpaceTime</a></li> <li><a href="/wiki/ZAC_Browser" title="ZAC Browser">ZAC</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%"><a href="/wiki/WebKit" title="WebKit">WebKit</a>-based</th><td class="navbox-list-with-group navbox-list navbox-even" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Arora_(web_browser)" title="Arora (web browser)">Arora</a></li> <li><a href="/wiki/Bolt_(web_browser)" title="Bolt (web browser)">BOLT</a></li> <li><a href="/wiki/Dolphin_Browser" title="Dolphin Browser">Dolphin</a></li> <li><a href="/wiki/Fluid_(web_browser)" title="Fluid (web browser)">Fluid</a></li> <li><a href="/wiki/Google_TV_(smart_TV_platform)" class="mw-redirect" title="Google TV (smart TV platform)">Google TV</a></li> <li><a href="/wiki/Iris_Browser" title="Iris Browser">Iris</a></li> <li><a href="/wiki/Mercury_Browser" title="Mercury Browser">Mercury</a></li> <li><a href="/wiki/Nokia_Browser_for_Symbian" title="Nokia Browser for Symbian">Nokia Symbian</a></li> <li><a href="/wiki/OmniWeb" title="OmniWeb">OmniWeb</a></li> <li><a href="/wiki/Opera_Coast" title="Opera Coast">Opera Coast</a></li> <li><a href="/wiki/Origyn_Web_Browser" title="Origyn Web Browser">Origyn</a></li> <li><a href="/wiki/QtWeb" title="QtWeb">QtWeb</a></li> <li><a href="/wiki/Shiira" title="Shiira">Shiira</a></li> <li><a href="/wiki/Steel_(web_browser)" title="Steel (web browser)">Steel</a></li> <li><a href="/wiki/Surf_(web_browser)" title="Surf (web browser)">surf</a></li> <li><a href="/wiki/Uzbl" title="Uzbl">Uzbl</a></li> <li><a href="/wiki/WebPositive" class="mw-redirect" title="WebPositive">WebPositive</a></li> <li><a href="/wiki/Xombrero" title="Xombrero">xombrero</a></li></ul> </div></td></tr><tr><th scope="row" class="navbox-group" style="width:1%">Other</th><td class="navbox-list-with-group navbox-list navbox-odd" style="width:100%;padding:0"><div style="padding:0 0.25em"> <ul><li><a href="/wiki/Abaco_(web_browser)" title="Abaco (web browser)">abaco</a></li> <li><a href="/wiki/Amaya_(web_editor)" title="Amaya (web editor)">Amaya</a></li> <li><a href="/wiki/Arachne_(web_browser)" title="Arachne (web browser)">Arachne</a></li> <li><a href="/wiki/Arena_(web_browser)" title="Arena (web browser)">Arena</a></li> <li><a href="/wiki/Blazer_(web_browser)" title="Blazer (web browser)">Blazer</a></li> <li><a href="/wiki/Cake_Browser" title="Cake Browser">Cake</a></li> <li><a href="/wiki/Charon_(web_browser)" title="Charon (web browser)">Charon</a></li> <li><a href="/wiki/CM_Browser" title="CM Browser">CM</a></li> <li><a href="/wiki/Microsoft_Live_Labs_Deepfish" title="Microsoft Live Labs Deepfish">Deepfish</a></li> <li><a href="/wiki/Dillo" title="Dillo">Dillo</a></li> <li><a href="/wiki/Microsoft_Edge_Legacy" class="mw-redirect" title="Microsoft Edge Legacy">Edge Legacy</a></li> <li><a href="/wiki/ELinks" title="ELinks">ELinks</a></li> <li><a href="/wiki/Gazelle_(web_browser)" title="Gazelle (web browser)">Gazelle</a></li> <li><a href="/wiki/HotJava" title="HotJava">HotJava</a></li> <li><a href="/wiki/IBM_Home_Page_Reader" title="IBM Home Page Reader">IBM Home Page Reader</a></li> <li><a href="/wiki/IBM_WebExplorer" title="IBM WebExplorer">IBM WebExplorer</a></li> <li><a href="/wiki/IBrowse" title="IBrowse">IBrowse</a></li> <li><a href="/wiki/Internet_Explorer_for_Mac" title="Internet Explorer for Mac">Internet Explorer for Mac</a></li> <li><a href="/wiki/KidZui" title="KidZui">KidZui</a></li> <li><a href="/wiki/Line_Mode_Browser" title="Line Mode Browser">Line Mode</a></li> <li><a href="/wiki/Mosaic_(web_browser)" class="mw-redirect" title="Mosaic (web browser)">Mosaic</a></li> <li><a href="/wiki/MSN_TV" title="MSN TV">MSN TV</a></li> <li><a href="/wiki/NetPositive" class="mw-redirect" title="NetPositive">NetPositive</a></li> <li><a href="/wiki/Netscape_(web_browser)" title="Netscape (web browser)">Netscape</a></li> <li><a href="/wiki/Skweezer" title="Skweezer">Skweezer</a></li> <li><a href="/wiki/Skyfire_(company)" title="Skyfire (company)">Skyfire</a></li> <li><a href="/wiki/ThunderHawk" title="ThunderHawk">ThunderHawk</a></li> <li><a href="/wiki/Vision_Mobile_Browser" title="Vision Mobile Browser">Vision</a></li> <li><a href="/wiki/WinWAP" title="WinWAP">WinWAP</a></li> <li><a href="/wiki/WorldWideWeb" title="WorldWideWeb">WorldWideWeb</a></li></ul> </div></td></tr></tbody></table><div></div></td></tr></tbody></table><div></div></td></tr><tr><td class="navbox-abovebelow" colspan="2"><div> <ul><li><a href="/wiki/Category:Web_browsers" title="Category:Web browsers">Category</a></li> <li><a href="/wiki/Comparison_of_web_browsers" title="Comparison of web browsers">Comparisons</a></li> <li><a href="/wiki/List_of_web_browsers" title="List of web browsers">List</a></li></ul> </div></td></tr></tbody></table></div>    </div><noscript><img src="https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?type=1x1" alt="" width="1" height="1" style="border: none; position: absolute;"></noscript> <div class="printfooter" data-nosnippet="">Retrieved from "<a dir="ltr" href="https://en.wikipedia.org/w/index.php?title=Transport_Layer_Security&oldid=1257548947">https://en.wikipedia.org/w/index.php?title=Transport_Layer_Security&oldid=1257548947</a>"</div></div> <div id="catlinks" class="catlinks" data-mw="interface"><div id="mw-normal-catlinks" class="mw-normal-catlinks"><a href="/wiki/Help:Category" title="Help:Category">Categories</a>: <ul><li><a href="/wiki/Category:Internet_properties_established_in_1999" title="Category:Internet properties established in 1999">Internet properties established in 1999</a></li><li><a href="/wiki/Category:Transport_Layer_Security" title="Category:Transport Layer Security">Transport Layer Security</a></li><li><a href="/wiki/Category:Cryptographic_protocols" title="Category:Cryptographic protocols">Cryptographic protocols</a></li><li><a href="/wiki/Category:Presentation_layer_protocols" title="Category:Presentation layer protocols">Presentation layer protocols</a></li></ul></div><div id="mw-hidden-catlinks" class="mw-hidden-catlinks mw-hidden-cats-hidden">Hidden categories: <ul><li><a href="/wiki/Category:CS1_maint:_archived_copy_as_title" title="Category:CS1 maint: archived copy as title">CS1 maint: archived copy as title</a></li><li><a href="/wiki/Category:CS1_maint:_unfit_URL" title="Category:CS1 maint: unfit URL">CS1 maint: unfit URL</a></li><li><a href="/wiki/Category:Articles_with_short_description" title="Category:Articles with short description">Articles with short description</a></li><li><a href="/wiki/Category:Short_description_matches_Wikidata" title="Category:Short description matches Wikidata">Short description matches Wikidata</a></li><li><a href="/wiki/Category:Articles_containing_potentially_dated_statements_from_April_2016" title="Category:Articles containing potentially dated statements from April 2016">Articles containing potentially dated statements from April 2016</a></li><li><a href="/wiki/Category:All_articles_containing_potentially_dated_statements" title="Category:All articles containing potentially dated statements">All articles containing potentially dated statements</a></li><li><a href="/wiki/Category:Webarchive_template_wayback_links" title="Category:Webarchive template wayback links">Webarchive template wayback links</a></li><li><a href="/wiki/Category:All_articles_with_unsourced_statements" title="Category:All articles with unsourced statements">All articles with unsourced statements</a></li><li><a href="/wiki/Category:Articles_with_unsourced_statements_from_February_2015" title="Category:Articles with unsourced statements from February 2015">Articles with unsourced statements from February 2015</a></li><li><a href="/wiki/Category:Articles_containing_potentially_dated_statements_from_July_2021" title="Category:Articles containing potentially dated statements from July 2021">Articles containing potentially dated statements from July 2021</a></li><li><a href="/wiki/Category:Articles_containing_potentially_dated_statements_from_August_2019" title="Category:Articles containing potentially dated statements from August 2019">Articles containing potentially dated statements from August 2019</a></li><li><a href="/wiki/Category:Articles_with_unsourced_statements_from_February_2019" title="Category:Articles with unsourced statements from February 2019">Articles with unsourced statements from February 2019</a></li><li><a href="/wiki/Category:Commons_category_link_is_locally_defined" title="Category:Commons category link is locally defined">Commons category link is locally defined</a></li></ul></div></div> </div> </main> </div> <div class="mw-footer-container"> <footer id="footer" class="mw-footer" > <ul id="footer-info"> <li id="footer-info-lastmod"> This page was last edited on 15 November 2024, at 14:07 (UTC).</li> <li id="footer-info-copyright">Text is available under the <a href="/wiki/Wikipedia:Text_of_the_Creative_Commons_Attribution-ShareAlike_4.0_International_License" title="Wikipedia:Text of the Creative Commons Attribution-ShareAlike 4.0 International License">Creative Commons Attribution-ShareAlike 4.0 License</a>; additional terms may apply. By using this site, you agree to the <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use" class="extiw" title="foundation:Special:MyLanguage/Policy:Terms of Use">Terms of Use</a> and <a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy" class="extiw" title="foundation:Special:MyLanguage/Policy:Privacy policy">Privacy Policy</a>. Wikipedia® is a registered trademark of the <a rel="nofollow" class="external text" href="https://wikimediafoundation.org/">Wikimedia Foundation, Inc.</a>, a non-profit organization.</li> </ul> <ul id="footer-places"> <li id="footer-places-privacy"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy">Privacy policy</a></li> <li id="footer-places-about"><a href="/wiki/Wikipedia:About">About Wikipedia</a></li> <li id="footer-places-disclaimers"><a href="/wiki/Wikipedia:General_disclaimer">Disclaimers</a></li> <li id="footer-places-contact"><a href="//en.wikipedia.org/wiki/Wikipedia:Contact_us">Contact Wikipedia</a></li> <li id="footer-places-wm-codeofconduct"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct">Code of Conduct</a></li> <li id="footer-places-developers"><a href="https://developer.wikimedia.org">Developers</a></li> <li id="footer-places-statslink"><a href="https://stats.wikimedia.org/#/en.wikipedia.org">Statistics</a></li> <li id="footer-places-cookiestatement"><a href="https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement">Cookie statement</a></li> <li id="footer-places-mobileview"><a href="//en.m.wikipedia.org/w/index.php?title=Transport_Layer_Security&mobileaction=toggle_view_mobile" class="noprint stopMobileRedirectToggle">Mobile view</a></li> </ul> <ul id="footer-icons" class="noprint"> <li id="footer-copyrightico"><a href="https://wikimediafoundation.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/static/images/footer/wikimedia-button.svg" width="84" height="29" alt="Wikimedia Foundation" loading="lazy"></a></li> <li id="footer-poweredbyico"><a href="https://www.mediawiki.org/" class="cdx-button cdx-button--fake-button cdx-button--size-large cdx-button--fake-button--enabled"><img src="/w/resources/assets/poweredby_mediawiki.svg" alt="Powered by MediaWiki" width="88" height="31" loading="lazy"></a></li> </ul> </footer> </div> </div> </div> <div class="vector-settings" id="p-dock-bottom"> <ul></ul> </div><script>(RLQ=window.RLQ||[]).push(function(){mw.config.set({"wgHostname":"mw-web.codfw.main-f69cdc8f6-jvw68","wgBackendResponseTime":157,"wgPageParseReport":{"limitreport":{"cputime":"3.031","walltime":"3.285","ppvisitednodes":{"value":48159,"limit":1000000},"postexpandincludesize":{"value":783433,"limit":2097152},"templateargumentsize":{"value":21952,"limit":2097152},"expansiondepth":{"value":26,"limit":100},"expensivefunctioncount":{"value":31,"limit":500},"unstrip-depth":{"value":1,"limit":20},"unstrip-size":{"value":1056976,"limit":5000000},"entityaccesscount":{"value":0,"limit":400},"timingprofile":["100.00% 2833.610 1 -total"," 41.85% 1185.758 3 Template:Reflist"," 20.32% 575.761 119 Template:Cite_web"," 20.31% 575.432 12 Template:Ref_RFC"," 16.57% 469.524 34 Template:Cite_IETF"," 11.68% 330.832 128 Template:IETF_RFC"," 11.09% 314.276 129 Template:Catalog_lookup_link"," 8.16% 231.138 12 Template:Ref_RFC/getref"," 4.51% 127.890 1 Template:Harvnb"," 4.22% 119.565 1 Template:IPstack"]},"scribunto":{"limitreport-timeusage":{"value":"1.655","limit":"10.000"},"limitreport-memusage":{"value":10486294,"limit":52428800},"limitreport-logs":"anchor_id_list = table#1 {\n [\"BEAST\"] = 1,\n [\"BERserk\"] = 1,\n [\"BREACH\"] = 1,\n [\"BREACH_attack\"] = 1,\n [\"CITEREFA._LangleyN._ModaduguB._Moeller2010\"] = 1,\n [\"CITEREFAbdouvan_Oorschot2017\"] = 1,\n [\"CITEREFAlFardanBernsteinPatersonPoettering\"] = 1,\n [\"CITEREFAlFardanBernsteinPatersonPoettering2013\"] = 2,\n [\"CITEREFAlFardanPaterson2012\"] = 1,\n [\"CITEREFAudet2009\"] = 1,\n [\"CITEREFBard2006\"] = 1,\n [\"CITEREFBarnes2015\"] = 1,\n [\"CITEREFBernat2011\"] = 1,\n [\"CITEREFBleichenbacher2006\"] = 1,\n [\"CITEREFBodo_Möller,_Thai_DuongKrzysztof_Kotowicz\"] = 1,\n [\"CITEREFBright2018\"] = 1,\n [\"CITEREFCanvel\"] = 1,\n [\"CITEREFChris2009\"] = 1,\n [\"CITEREFClark_Estes2017\"] = 1,\n [\"CITEREFCory_Doctorow2019\"] = 1,\n [\"CITEREFD._Taylor,_Ed.2007\"] = 1,\n [\"CITEREFDaignière\"] = 2,\n [\"CITEREFDiffievan_OorschotWiener1992\"] = 1,\n [\"CITEREFDimcev\"] = 1,\n [\"CITEREFDurumericMaSpringallBarnes2017\"] = 1,\n [\"CITEREFFisher2012\"] = 1,\n [\"CITEREFGeorgievIyengarJanaAnubhai2012\"] = 1,\n [\"CITEREFGoodin2011\"] = 1,\n [\"CITEREFGoodin2012\"] = 1,\n [\"CITEREFGoodin2013\"] = 1,\n [\"CITEREFGoodin2015\"] = 3,\n [\"CITEREFGoodin2016\"] = 3,\n [\"CITEREFGothard2013\"] = 1,\n [\"CITEREFGreen2013\"] = 1,\n [\"CITEREFGreene\"] = 1,\n [\"CITEREFGruener\"] = 1,\n [\"CITEREFHoffman-Andrews\"] = 1,\n [\"CITEREFHoffman-Andrews2019\"] = 1,\n [\"CITEREFHonda,_OsamuOhsaki,_HiroyukiImase,_MakotoIshizuka,_Mika2005\"] = 1,\n [\"CITEREFHooper2012\"] = 1,\n [\"CITEREFIETF_–_Internet_Engineering_Task_Force2017\"] = 1,\n [\"CITEREFIETF_–_Internet_Engineering_Task_Force2018\"] = 1,\n [\"CITEREFIvan_Ristic2022\"] = 1,\n [\"CITEREFJohn_Leyden2013\"] = 1,\n [\"CITEREFJoshua_Davies2010\"] = 1,\n [\"CITEREFL.S._HuangS._AdhikarlaD._BonehC._Jackson2014\"] = 1,\n [\"CITEREFLangley2013\"] = 1,\n [\"CITEREFLangley2014\"] = 1,\n [\"CITEREFLangley2015\"] = 1,\n [\"CITEREFLaura_K._Gray2015\"] = 1,\n [\"CITEREFLawrenceKhare2000\"] = 1,\n [\"CITEREFLeyden2013\"] = 1,\n [\"CITEREFLeyden2016\"] = 1,\n [\"CITEREFMSRC2012\"] = 1,\n [\"CITEREFMackie\"] = 1,\n [\"CITEREFMavrogiannopoulos,_NikosVercautern,_FrederikVelichkov,_VesselinPreneel,_Bart2012\"] = 1,\n [\"CITEREFMessmer\"] = 1,\n [\"CITEREFOppliger2016\"] = 1,\n [\"CITEREFP._Eronen,_Ed.2005\"] = 1,\n [\"CITEREFP._Gutmann2014\"] = 1,\n [\"CITEREFPolk,_TimMcKay,_KerryChokhani,_Santosh2014\"] = 1,\n [\"CITEREFPouyan_SepehrdadSerge_VaudenayMartin_Vuagnoux2011\"] = 1,\n [\"CITEREFQualys_SSL_Labs\"] = 1,\n [\"CITEREFRaymond2017\"] = 1,\n [\"CITEREFRea2013\"] = 1,\n [\"CITEREFRescorla2001\"] = 1,\n [\"CITEREFRescorla2009\"] = 1,\n [\"CITEREFRescorla2018\"] = 1,\n [\"CITEREFRescorlaModadugu2006\"] = 1,\n [\"CITEREFRescorlaModadugu2012\"] = 1,\n [\"CITEREFRescorlaTschofenigModadugu2022\"] = 1,\n [\"CITEREFRistic2013\"] = 3,\n [\"CITEREFRyan_Singel2010\"] = 1,\n [\"CITEREFSean_Turner2015\"] = 1,\n [\"CITEREFSeth_Schoen2010\"] = 1,\n [\"CITEREFShefferHolzSaint-Andre2015\"] = 1,\n [\"CITEREFSmith\"] = 1,\n [\"CITEREFSmith2011\"] = 1,\n [\"CITEREFSmythPironti2013\"] = 1,\n [\"CITEREFSpottLeek\"] = 1,\n [\"CITEREFStephen_A._Thomas2000\"] = 1,\n [\"CITEREFSullivan2017\"] = 1,\n [\"CITEREFThai_DuongJuliano_Rizzo2011\"] = 1,\n [\"CITEREFThomsonPauly2021\"] = 1,\n [\"CITEREFTitz2001\"] = 1,\n [\"CITEREFValsorda2015\"] = 1,\n [\"CITEREFValsorda2016\"] = 1,\n [\"CITEREFWagnerSchneier,_Bruce1996\"] = 1,\n [\"CITEREFWooBindignavleSuLam1994\"] = 1,\n [\"CITEREFivanr2013\"] = 1,\n [\"CRIME\"] = 1,\n [\"CRIME_attack\"] = 1,\n [\"DNS\"] = 1,\n [\"Downgrade_attacks\"] = 1,\n [\"FREAK\"] = 1,\n [\"Heartbleed\"] = 1,\n [\"Logjam\"] = 1,\n [\"Logjam_attack\"] = 1,\n [\"POODLE\"] = 1,\n [\"RC4\"] = 1,\n [\"SNP\"] = 1,\n [\"cipher-table\"] = 1,\n [\"integrity-table\"] = 1,\n [\"keyexchange-table\"] = 1,\n}\ntemplate_list = table#1 {\n [\"0\"] = 4,\n [\"Abbr\"] = 1,\n [\"Anchor\"] = 14,\n [\"As of\"] = 3,\n [\"Bad\"] = 50,\n [\"CNone\"] = 1,\n [\"CVE\"] = 1,\n [\"Cbignore\"] = 2,\n [\"Citation\"] = 4,\n [\"Citation needed\"] = 2,\n [\"Cite IETF\"] = 10,\n [\"Cite book\"] = 10,\n [\"Cite conference\"] = 5,\n [\"Cite ietf\"] = 2,\n [\"Cite journal\"] = 7,\n [\"Cite magazine\"] = 1,\n [\"Cite news\"] = 9,\n [\"Cite tech report\"] = 1,\n [\"Cite thesis\"] = 1,\n [\"Cite web\"] = 119,\n [\"Commons category\"] = 1,\n [\"Depends\"] = 27,\n [\"Dunno\"] = 1,\n [\"Further\"] = 2,\n [\"Good\"] = 26,\n [\"Harvnb\"] = 1,\n [\"IETF RFC\"] = 99,\n [\"IPstack\"] = 1,\n [\"Main\"] = 10,\n [\"N/A\"] = 107,\n [\"No\"] = 65,\n [\"Nowrap\"] = 3,\n [\"Partial\"] = 3,\n [\"Redirect\"] = 1,\n [\"Ref\"] = 1,\n [\"Ref RFC\"] = 12,\n [\"Reflist\"] = 3,\n [\"Refn\"] = 3,\n [\"SSL/TLS\"] = 1,\n [\"Section link\"] = 7,\n [\"See also\"] = 3,\n [\"Short description\"] = 1,\n [\"Slink\"] = 2,\n [\"Unknown\"] = 3,\n [\"VPN\"] = 1,\n [\"Version\"] = 13,\n [\"Web browsers\"] = 1,\n [\"Webarchive\"] = 3,\n [\"Yes\"] = 90,\n}\narticle_whitelist = table#1 {\n}\n","limitreport-profile":[["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::callParserFunction","280","14.7"],["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::getExpandedArgument","280","14.7"],["?","180","9.5"],["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::getAllExpandedArguments","160","8.4"],["recursiveClone \u003CmwInit.lua:45\u003E","120","6.3"],["dataWrapper \u003Cmw.lua:672\u003E","80","4.2"],["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::match","80","4.2"],["MediaWiki\\Extension\\Scribunto\\Engines\\LuaSandbox\\LuaSandboxCallback::sub","80","4.2"],["type","80","4.2"],["\u003Cmw.lua:694\u003E","60","3.2"],["[others]","500","26.3"]]},"cachereport":{"origin":"mw-web.codfw.main-f69cdc8f6-hhmqd","timestamp":"20241122140454","ttl":2592000,"transientcontent":false}}});});</script> <script type="application/ld+json">{"@context":"https:\/\/schema.org","@type":"Article","name":"Transport Layer Security","url":"https:\/\/en.wikipedia.org\/wiki\/Transport_Layer_Security","sameAs":"http:\/\/www.wikidata.org\/entity\/Q206494","mainEntity":"http:\/\/www.wikidata.org\/entity\/Q206494","author":{"@type":"Organization","name":"Contributors to Wikimedia projects"},"publisher":{"@type":"Organization","name":"Wikimedia Foundation, Inc.","logo":{"@type":"ImageObject","url":"https:\/\/www.wikimedia.org\/static\/images\/wmf-hor-googpub.png"}},"datePublished":"2001-12-07T18:25:14Z","dateModified":"2024-11-15T14:07:00Z","headline":"cryptographic protocols for securing data in transit"}</script> </body> </html>