Is TLS / SSLv3 Insecure?

Playing with the idea for an F2F network application, I just read about secure communications. I quickly agreed with the idea of using TLS/SSL as the basis for any connection, as it uses public key encryption at the protocol level and is thus ideal for my needs. However, I was surprised to read (via Wikipedia) that the latest version of TLS, SSLv3, "uses a combination of MD5 and SHA-1, because if any vulnerability was discovered in one of these algorithms, the other could prevent it from compromising SSLv3." However, as I understand it, recently both were found to be erroneous!

So my questions are:
Doesn't that mean that SSLv3 is mostly messed up, or am I not reading enough?
And if so, is there a "secure" alternative to SSLv3?

+3
2 answers

The PRF used in TLSv1 and all previous SSL versions uses an XOR of MD5 and SHA1. Collisions with both hashing algorithms are possible. MD5 collisions are much easier to generate: from Wikipedia, 2^24 MD5 vs 2^63 SHA1 operations. In TLSv2 the PRF, rather than being hard-coded, can now be negotiated in the same way as the basic ciphers in earlier versions of SSL. The original must implement unmixed SHA2 for TLSv2.


+4


Source: https://habr.com/ru/post/1745670/
