News

Internet taskforce officially cancels SSL 3.0 due to insecurity

By admin
Spread the love

SSL 3.0 is officially defunct and not secure enough to use, the Internet Engineering Task Force reported in a request for comments. Those who have not yet done so should switch to, for example, tls 1.2, according to the IETF.

With the denial via IETF’s rfc 7568, the end of the use of SSL 3.0 has become official policy of the Internet Engineering Task Force. That ending comes as no surprise: a draft of the announcement has already appeared. SSL 3.0 is no longer secure enough for use. “The replacement versions, especially transport layer security 1.2, are much more secure and capable,” the task force wrote.

Most companies and organizations have already stopped using ssl 3.0. Now that quitting is an official IETF policy, the last users must also say goodbye to the protocol. Sslv3 was the completely rewritten successor to version 2, whose encryption was not strong enough in 1996. Incidentally, the ssl 3.0 protocol was only officially specified by the IETF in a ‘historical document’ in 2011.

SSL 3.0 has been considered obsolete for years, but continued to be widely used. The death knell for protocol came in October last year, with the discovery of the Poodle vulnerability. This weakness was not in a specific SSL implementation, but in the underlying protocol.

You might also like
News

EU Council determines position on security requirements for digital products

News

Samsung develops first GDDR7 chips, mentions bandwidths of up to 32Gbit/s per pin

News

Meta introduces open source language model Llama 2, works on PCs and phones

News

Valve releases major Team Fortress 2 update with community maps and new taunts

News

Senate adopts bill to make doxing a punishable offense

News

Apple withdraws Rapid Security Response security update for WebKit vulnerability