Editing Transport Layer Security (section)

===SSL 1.0, 2.0, and 3.0===
{{redirect|SSL 1|the enzyme|Presqualene diphosphate synthase}}
Netscape developed the original SSL protocols, and [[Taher Elgamal]], chief scientist at [[Netscape|Netscape Communications]] from 1995 to 1998, has been described as the "father of SSL".<ref name="Messmer">{{cite news|last=Messmer|first=Ellen|title=Father of SSL, Dr. Taher Elgamal, Finds Fast-Moving IT Projects in the Middle East|url=http://www.networkworld.com/news/2012/120412-elgamal-264739.html|work=Network World|access-date=30 May 2014|url-status=dead|archive-url=https://web.archive.org/web/20140531105537/http://www.networkworld.com/news/2012/120412-elgamal-264739.html|archive-date=31 May 2014}}</ref><ref name="Greene">{{cite news|last=Greene|first=Tim|title=Father of SSL says despite attacks, the security linchpin has lots of life left|url=http://www.networkworld.com/news/2011/101111-elgamal-251806.html|work=Network World|access-date=30 May 2014|url-status=dead|archive-url=https://web.archive.org/web/20140531105257/http://www.networkworld.com/news/2011/101111-elgamal-251806.html|archive-date=31 May 2014}}</ref><ref name=Oppliger>{{cite book|title=SSL and TLS: Theory and Practice|edition=2nd|last=Oppliger|first=Rolf|year=2016|chapter=Introduction|chapter-url=https://books.google.com/books?id=jm6uDgAAQBAJ&pg=PA15|page=13|publisher=[[Artech House]]|isbn=978-1-60807-999-5|via=Google Books|access-date=2018-03-01}}</ref><ref>{{cite web|archive-url=https://web.archive.org/web/19970614020952/http://home.netscape.com/newsref/std/SSL.html|archive-date=14 June 1997|title=THE SSL PROTOCOL|url=http://home.netscape.com/newsref/std/SSL.html|publisher=Netscape Corporation|year=2007}}</ref> SSL version 1.0 was never publicly released because of serious security flaws in the protocol. Version 2.0, after being released in February 1995 was quickly found to contain a number of security and usability flaws. It used the same cryptographic keys for message authentication and encryption. It had a weak MAC construction that used the MD5 hash function with a secret prefix, making it vulnerable to length extension attacks. It also provided no protection for either the opening handshake or an explicit message close, both of which meant [[man-in-the-middle attacks]] could go undetected. Moreover, SSL 2.0 assumed a single service and a fixed domain certificate, conflicting with the widely used feature of virtual hosting in Web servers, so most websites were effectively impaired from using SSL.

These flaws necessitated the complete redesign of the protocol to SSL version 3.0.<ref>{{harvnb|Rescorla|2001}}</ref><ref name=Oppliger/> Released in 1996, it was produced by [[Paul Carl Kocher|Paul Kocher]] working with Netscape engineers Phil Karlton and Alan Freier, with a reference implementation by Christopher Allen and Tim Dierks of Certicom. Newer versions of SSL/TLS are based on SSL 3.0. The 1996 draft of SSL 3.0 was published by IETF as a historical document in {{IETF RFC|6101}}.

SSL 2.0 was deprecated in 2011 by {{IETF RFC|6176}}. In 2014, SSL 3.0 was found to be vulnerable to the [[POODLE]] attack that affects all [[block cipher]]s in SSL; [[RC4]], the only non-block cipher supported by SSL 3.0, is also feasibly broken as used in SSL 3.0.<ref name="Poodle">{{cite web|url=https://access.redhat.com/articles/1232123|title=POODLE: SSLv3 vulnerability (CVE-2014-3566)|access-date=21 October 2014|url-status=live|archive-url=https://web.archive.org/web/20141205124712/https://access.redhat.com/articles/1232123|archive-date=5 December 2014}}</ref> SSL 3.0 was deprecated in June 2015 by {{IETF RFC|7568}}.