Transport Layer Security
===={{Anchor|Downgrade attacks}}Downgrade attacks: {{Anchor|FREAK}}FREAK attack and {{Anchor|Logjam attack|Logjam}}Logjam attack====
{{Main|Downgrade attack|FREAK|Logjam (computer security)}}
A protocol [[downgrade attack]] (also called a version rollback attack) tricks a web server into negotiating connections with previous versions of TLS (such as SSLv2) that have long since been abandoned as insecure. Previous modifications to the original protocols, like '''False Start'''<ref>{{cite journal|title=Transport Layer Security (TLS) False Start|url=http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00|journal=Internet Engineering Task Force|publisher=IETF|access-date=2013-07-31|author1=A. Langley|author2=N. Modadugu|author3=B. Moeller|date=2010-06-02|url-status=live|archive-url=https://web.archive.org/web/20130905215608/http://tools.ietf.org/html/draft-bmoeller-tls-falsestart-00|archive-date=2013-09-05}}</ref> (adopted and enabled by Google Chrome<ref>{{cite web|first=Wolfgang|last=Gruener|title=False Start: Google Proposes Faster Web, Chrome Supports It Already|url=http://www.conceivablytech.com/3299/products/false-start-google-proposes-faster-web-chrome-supports-it-already|access-date=2011-03-09|archive-url=https://web.archive.org/web/20101007061707/http://www.conceivablytech.com/3299/products/false-start-google-proposes-faster-web-chrome-supports-it-already|archive-date=2010-10-07}}</ref>) or '''Snap Start''', reportedly introduced limited TLS protocol downgrade attacks<ref>{{cite web|first=Brian|last=Smith|title=Limited rollback attacks in False Start and Snap Start|url=http://www.ietf.org/mail-archive/web/tls/current/msg06933.html|access-date=2011-03-09|url-status=live|archive-url=https://web.archive.org/web/20110504014418/http://www.ietf.org/mail-archive/web/tls/current/msg06933.html|archive-date=2011-05-04}}</ref> or allowed modifications to the cipher suite list sent by the client to the server.
In doing so, an attacker might succeed in influencing the cipher suite selection in an attempt to downgrade the cipher suite negotiated to use either a weaker symmetric encryption algorithm or a weaker key exchange.<ref>{{cite web|first=Adrian|last=Dimcev|title=False Start|url=http://www.carbonwind.net/blog/post/Random-SSLTLS-101-False-Start.aspx|work=Random SSL/TLS 101|access-date=2011-03-09|url-status=live|archive-url=https://web.archive.org/web/20110504060256/http://www.carbonwind.net/blog/post/Random-SSLTLS-101-False-Start.aspx|archive-date=2011-05-04}}</ref> A paper presented at an [[Association for Computing Machinery|ACM]] [[Computer security conference|conference on computer and communications security]] in 2012 demonstrated that the False Start extension was at risk: in certain circumstances it could allow an attacker to recover the encryption keys offline and to access the encrypted data.<ref>{{cite book|author1=Mavrogiannopoulos, Nikos|author2=Vercauteren, Frederik|author3=Velichkov, Vesselin|author4=Preneel, Bart|title=A cross-protocol attack on the TLS protocol. Proceedings of the 2012 ACM conference on Computer and communications security|year=2012|isbn=978-1-4503-1651-4|url=https://www.cosic.esat.kuleuven.be/publications/article-2216.pdf|pages=62–72|publisher=Association for Computing Machinery |url-status=live|archive-url=https://web.archive.org/web/20150706104327/https://www.cosic.esat.kuleuven.be/publications/article-2216.pdf|archive-date=2015-07-06}}</ref> Encryption downgrade attacks can force servers and clients to negotiate a connection using cryptographically weak keys.
In 2014, a [[man-in-the-middle]] attack called FREAK was discovered affecting the [[OpenSSL]] stack, the default [[Android (operating system)|Android]] web browser, and some [[Safari (web browser)|Safari]] browsers.<ref>{{cite web|title=SMACK: State Machine AttaCKs|url=https://www.smacktls.com|url-status=live|archive-url=https://web.archive.org/web/20150312074827/https://www.smacktls.com|archive-date=2015-03-12}}</ref> The attack involved tricking servers into negotiating a TLS connection using cryptographically weak 512-bit encryption keys. Logjam is a [[security exploit]] discovered in May 2015 that exploits the option of using legacy [[Arms Export Control Act|"export-grade"]] 512-bit [[Diffie–Hellman key exchange|Diffie–Hellman]] groups dating back to the 1990s.<ref>{{cite web|url=https://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers|title=HTTPS-crippling attack threatens tens of thousands of Web and mail servers|first=Dan|last=Goodin|work=Ars Technica|date=2015-05-20|url-status=live|archive-url=https://web.archive.org/web/20170519130937/https://arstechnica.com/security/2015/05/https-crippling-attack-threatens-tens-of-thousands-of-web-and-mail-servers|archive-date=2017-05-19}}</ref> It forces susceptible servers to downgrade to cryptographically weak 512-bit Diffie–Hellman groups. An attacker can then deduce the keys the client and server determine using the [[Diffie–Hellman key exchange]].
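As an added illustration that is not part of the article, the following simplified Python model of cipher suite negotiation shows the two client-side checks whose absence FREAK and Logjam exploited (accepting a suite that was never offered, and accepting a 512-bit group or modulus under a strong-looking suite name) next to the server-side fix of never enabling export suites. The suite names, key sizes and messages are constructed for the example; it is not a TLS implementation.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Suite:
    name: str
    kx: str        # key exchange: "ECDHE", "DHE" (finite-field) or "RSA"
    export: bool   # legacy export-grade suite: 512-bit RSA modulus or DH group

@dataclass(frozen=True)
class ServerHello:
    suite: Suite   # suite the ServerHello names
    kx_bits: int   # size of the RSA modulus / DH group the server actually sends

# Constructed suite table with OpenSSL-style names, for illustration only.
ECDHE_AES = Suite("ECDHE-RSA-AES128-GCM-SHA256", "ECDHE", False)
DHE_AES = Suite("DHE-RSA-AES128-SHA", "DHE", False)
DHE_EXPORT = Suite("EXP-DHE-RSA-DES-CBC-SHA", "DHE", True)
RSA_EXPORT = Suite("EXP-RC4-MD5", "RSA", True)
STRONG_BITS = {"ECDHE": 256, "DHE": 2048, "RSA": 2048}

def server_select(client_offer, server_enabled, allow_export=True):
    """Server side: first enabled suite the client offered. An export-only offer is
    answered with a 512-bit group; allow_export=False models the server-side fix."""
    for s in server_enabled:
        if s.export and not allow_export:
            continue
        if s in client_offer:
            return ServerHello(s, 512 if s.export else STRONG_BITS[s.kx])
    return None  # no common suite: the handshake fails closed

def client_accept(client_offer, hello, min_kx_bits=2048):
    """Client side: returns (accepted, reason) after the two downgrade checks."""
    if hello is None:
        return False, "no common cipher suite"
    # FREAK-style: the server answered with a suite the client never offered.
    if hello.suite not in client_offer:
        return False, f"{hello.suite.name} was not offered"
    # Logjam-style: the named suite is fine but the group/modulus is export-sized.
    if hello.suite.kx in ("DHE", "RSA") and hello.kx_bits < min_kx_bits:
        return False, f"{hello.kx_bits}-bit {hello.suite.kx} below {min_kx_bits}-bit minimum"
    return True, f"{hello.suite.name} with {hello.kx_bits}-bit key exchange"

def demo():
    offer = [ECDHE_AES, DHE_AES]
    honest = client_accept(offer, server_select(offer, [DHE_EXPORT, DHE_AES, RSA_EXPORT]))
    # Constructed tampered ServerHello: names the DHE suite the client offered but
    # carries the server's 512-bit export group, as a Logjam victim would see it.
    tampered = ServerHello(DHE_AES, 512)
    lax = client_accept(offer, tampered, min_kx_bits=0)   # unpatched client accepts
    strict = client_accept(offer, tampered)               # patched client rejects
    return honest, lax, strict
```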