M5.8 Short Paper
Introduction
As explained in M5.4: Secure Socket Layer (SSL) and Transport Layer Security (TLS) are two cryptographic security protocols used for Internet security; however, since their inception in the early 1990s, SSL and TLS have been vulnerable to various attacks. For this activity, you will analyze SSL and TLS attack vectors.
Instructions
Begin by reading the following:
Commonly reported SSL/TLS vulnerabilities https://sites.google.com/site/bughunteruniversity/nonvuln/commonly-reported-ssl-tls-vulnerabilities
Attack vectors against TLS, implementation bugs, and how to mitigate TLS vulnerabilities in NGINX
https://www.cloudinsidr.com/content/known-attack-vectors-against-tls-implementation-vulnerabilities/
SSL/TLS Vulnerabilities Leave Room for Security Breaches https://www.metaminds.com/minds/ssl-tls-vulnerabilities-leave-room-for-security-breaches/
TLS Security 6: Examples of TLS Vulnerabilities and Attacks https://www.acunetix.com/blog/articles/tls-vulnerabilities-attacks-final-part/
Next, submit a 1 to 2-page paper discussing the following:
What are the steps or components of the chosen SSL/TLS attack?
What are the vulnerabilities this attack exploits?
List the necessary measures to patch the vulnerable server.