SSL协议_一_概述

最新推荐文章于 2024-11-23 15:55:01 发布
原创 最新推荐文章于 2024-11-23 15:55:01 发布 · 1.2k 阅读 · 0 ·
CC 4.0 BY-SA版权
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。

本文详细介绍了TLS/SSL协议的不同版本及其支持的算法,包括密钥交换、认证、加密及完整性保护等。同时对比了不同浏览器和操作系统的支持情况,并讨论了各种已知的安全漏洞。

参考:https://en.wikipedia.org/wiki/Transport_Layer_Security

 

 

Authentication and key exchange/agreement
AlgorithmSSL 2.0SSL 3.0TLS 1.0TLS 1.1TLS 1.2TLS 1.3
(Draft)		Status
RSAYesYesYesYesYesNoDefined for TLS 1.2 in RFCs
DH-RSANoYesYesYesYesNo
DHE-RSA (forward secrecy)NoYesYesYesYesYes
ECDH-RSANoNoYesYesYesNo
ECDHE-RSA (forward secrecy)NoNoYesYesYesYes
DH-DSSNoYesYesYesYesNo
DHE-DSS (forward secrecy)NoYesYesYesYesNo[22]
ECDH-ECDSANoNoYesYesYesNo
ECDHE-ECDSA (forward secrecy)NoNoYesYesYesYes
PSKNoNoYesYesYes 
PSK-RSANoNoYesYesYes 
DHE-PSK (forward secrecy)NoNoYesYesYes 
ECDHE-PSK (forward secrecy)NoNoYesYesYes 
SRPNoNoYesYesYes 
SRP-DSSNoNoYesYesYes 
SRP-RSANoNoYesYesYes 
KerberosNoNoYesYesYes 
DH-ANON (insecure)NoYesYesYesYes 
ECDH-ANON (insecure)NoNoYesYesYes 
GOST R 34.10-94 / 34.10-2001[23]NoNoYesYesYes Proposed in RFC drafts

 

 

Cipher security against publicly known feasible attacks
CipherProtocol versionStatus
TypeAlgorithmStrength (bits)SSL 2.0SSL 3.0
[n 1][n 2][n 3][n 4]		TLS 1.0
[n 1][n 3]		TLS 1.1
[n 1]		TLS 1.2
[n 1]		TLS 1.3
(Draft)
Block cipher
with
mode of operation		AES GCM[24][n 5]256, 128N/AN/AN/AN/ASecureSecureDefined for TLS 1.2 in RFCs
AES CCM[25][n 5]N/AN/AN/AN/ASecureSecure
AES CBC[n 6]N/AN/ADepends on mitigationsSecureSecureN/A
Camellia GCM[26][n 5]256, 128N/AN/AN/AN/ASecureSecure
Camellia CBC[27][n 6]N/AN/ADepends on mitigationsSecureSecureN/A
ARIA GCM[28][n 5]256, 128N/AN/AN/AN/ASecureSecure
ARIA CBC[28][n 6]N/AN/ADepends on mitigationsSecureSecureN/A
SEED CBC[29][n 6]128N/AN/ADepends on mitigationsSecureSecureN/A
3DES EDE CBC[n 6]112[n 7]InsecureInsecureLow strength, Depends on mitigationsLow strengthLow strengthN/A
GOST 28147-89 CNT[23]256N/AN/ASecureSecureSecure Proposed in RFC drafts
IDEA CBC[n 6][n 8]128InsecureInsecureDepends on mitigationsSecureN/AN/ARemoved from TLS 1.2
DES CBC[n 6][n 8]56InsecureInsecureInsecureInsecureN/AN/A
40[n 9]InsecureInsecureInsecureN/AN/AN/AForbidden in TLS 1.1 and later
RC2 CBC[n 6]40[n 9]InsecureInsecureInsecureN/AN/AN/A
Stream cipherChaCha20-Poly1305[33][n 5]256N/AN/AN/AN/ASecureSecureProposed in RFC drafts
RC4[n 10]128InsecureInsecureInsecureInsecureInsecureN/AProhibited in all versions of TLS
40[n 9]InsecureInsecureInsecureN/AN/AN/A
NoneNull[n 11]-N/AInsecureInsecureInsecureInsecureInsecureDefined for TLS 1.2 in RFCs

 

Data integrity
AlgorithmSSL 2.0SSL 3.0TLS 1.0TLS 1.1TLS 1.2TLS 1.3
(Draft)		Status
HMAC-MD5YesYesYesYesYes Defined for TLS 1.2 in RFCs
HMAC-SHA1NoYesYesYesYes 
HMAC-SHA256/384NoNoNoNoYes 
AEADNoNoNoNoYes 
GOST 28147-89 IMIT[23]NoNoYesYesYes Proposed in RFC drafts
GOST R 34.11-94[23]NoNoYesYesYes 

 

 

 

Library support for TLS/SSL
ImplementationSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0TLS 1.1TLS 1.2TLS 1.3
(Draft)
BotanNoNo[155]YesYesYes 
cryptlibNoEnabled by defaultYesYesYes 
GnuTLSNo[a]Disabled by default[156]YesYesYes 
Java Secure Socket ExtensionNo[a]Disabled by default[b]YesYesYes 
LibreSSLNo[157]No[158]YesYesYes 
MatrixSSLNo[a]Disabled by default at compile time[159]YesYesYes 
mbed TLS (previously PolarSSL)NoEnabled by defaultYesYesYes 
Network Security ServicesDisabled by default[a]Disabled by default[160]YesYes[161]Yes[162] 
OpenSSLEnabled by defaultEnabled by defaultYesYes[163]Yes[163] 
RSA BSAFE[164]NoYesYesYesYes 
SChannel XP / 2003[165]Disabled by default by MSIE 7Enabled by defaultEnabled by default by MSIE 7NoNo 
SChannel Vista / 2008[166]Disabled by defaultEnabled by defaultYesNoNo 
SChannel 7 / 2008 R2[167]Disabled by defaultDisabled by default in MSIE 11YesEnabled by default by MSIE 11Enabled by default by MSIE 11 
SChannel 8 / 2012[167]Disabled by defaultEnabled by defaultYesDisabled by defaultDisabled by default 
SChannel 8.1 / 2012 R2, 10[167]Disabled by defaultDisabled by default in MSIE 11YesYesYes 
Secure Transport OS X 10.2-10.7 / iOS 1-4YesYesYesNoNo 
Secure Transport OS X 10.8-10.10 / iOS 5-8No[c]YesYesYes[c]Yes[c] 
Secure Transport OS X 10.11 / iOS 9NoNo[c]YesYesYes 
SharkSSLNoEnabled by defaultYesYesYes 
wolfSSL (previously CyaSSL)NoDisabled by default[168]YesYesYes 
ImplementationSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0TLS 1.1TLS 1.2TLS 1.3
(Draft)

 

 

Website protocol support
Protocol
version		Website
support[35]		Security[35][36]
SSL 2.010.8% (−0.4%)Insecure
SSL 3.033.8% (−1.2%)Insecure[37]
TLS 1.099.2% (−0.1%)Depends on cipher[n 1] and client mitigations[n 2]
TLS 1.164.3% (+1.4%)Depends on cipher[n 1] and client mitigations[n 2]
TLS 1.266.5% (+1.4%)Depends on cipher[n 1] and client mitigations[n 2]
TLS 1.3
(Draft)		N/A 

 

TLS/SSL support history of web browsers
BrowserVersionPlatformsSSL protocolsTLS protocolsCertificate SupportVulnerabilities fixed[n 1]Protocol selection by user
[n 2]
SSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0TLS 1.1TLS 1.2EV
[n 3][38]		SHA-2
[39]		ECDSA
[40]		BEAST[n 4]CRIME[n 5]POODLE (SSLv3)[n 6]RC4[n 7]FREAK[41][42]Logjam
Google Chrome
(Chrome for Android)
[n 8]
[n 9]		1–9Windows (XP SP2+)
OS X (10.7+)
Linux
Android (4.0+)
iOS (7.0+)
Chrome OS		Disabled by defaultEnabled by defaultYesNoNoYes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affected
[47]		Vulnerable
(HTTPS)		VulnerableVulnerableVulnerable
(except Windows)		VulnerableYes[n 10]
10–20No[48]Enabled by defaultYesNoNoYes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedVulnerable
(HTTPS/SPDY)		VulnerableVulnerableVulnerable
(except Windows)		VulnerableYes[n 10]
21NoEnabled by defaultYesNoNoYes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedMitigated
[49]		VulnerableVulnerableVulnerable
(except Windows)		VulnerableYes[n 10]
22–25NoEnabled by defaultYesYes[50]No[50][51][52][53]Yes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedMitigatedVulnerableVulnerableVulnerable
(except Windows)		VulnerableTemporary
[n 11]
26–29NoEnabled by defaultYesYesNoYes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedMitigatedVulnerableVulnerableVulnerable
(except Windows)		VulnerableTemporary
[n 11]
30–32NoEnabled by defaultYesYesYes[51][52][53]Yes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedMitigatedVulnerableVulnerableVulnerable
(except Windows)		VulnerableTemporary
[n 11]
33–37NoEnabled by defaultYesYesYesYes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedMitigatedPartly mitigated
[n 12]		Lowest priority
[56][57][58]		Vulnerable
(except Windows)		VulnerableTemporary
[n 11]
38–39NoEnabled by defaultYesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedPartly mitigated
[n 12]		Lowest priority
[56][57][58]		Vulnerable
(except Windows)		VulnerableTemporary
[n 11]
40NoDisabled by default
[55][59]		YesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedMitigated
[n 13]		Lowest priorityVulnerable
(except Windows)		VulnerableYes[n 14]
41, 42NoDisabled by defaultYesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedMitigatedLowest priorityMitigatedVulnerableYes[n 14]
43NoDisabled by defaultYesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedMitigatedOnly as fallback
[n 15][60]		MitigatedVulnerableYes[n 14]
4445NoNo[61]YesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedNot affectedOnly as fallback
[n 15]		MitigatedMitigated[62]Temporary
[n 11]
Google Android OS Browser
[63]		Android 1.01.11.51.62.0–2.12.2–2.2.3NoEnabled by defaultYesNoNoUnknownNoNoUnknownUnknownVulnerableVulnerableVulnerableVulnerableNo
Android 2.3–2.3.73.0–3.2.64.0–4.0.44.1–4.3.1NoEnabled by defaultYesNoNoUnknownYes[39]since Android OS 3.0[64]UnknownUnknownVulnerableVulnerableVulnerableVulnerableNo
Android 4.4–4.4.4NoEnabled by defaultYesDisabled by defaultDisabled by defaultUnknownYesYes[40]UnknownUnknownVulnerableVulnerableVulnerableVulnerableNo
Android 5.0-5.0.2NoEnabled by defaultYesYes[65]Yes[65]UnknownYesYesUnknownUnknownVulnerableVulnerableVulnerableVulnerableNo
Android 5.1-5.1.1NoNoYesYesYesUnknownYesYesUnknownUnknownNot affectedVulnerableMitigatedVulnerableNo
Android 6.0NoNoYesYesYesUnknownYesYesUnknownUnknownNot affectedUnknownMitigatedUnknownUnknown
BrowserVersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0TLS 1.1TLS 1.2EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Mozilla Firefox
(Firefox for mobile)
[n 16]		1.0Windows (XP SP2+)
OS X (10.6+)
Linux
Android (2.3+)
iOS (preview)
Firefox OS
Maemo

ESR only for:
Windows (XP SP2+)
OS X (10.6+)
Linux		Enabled by default
[66]		Enabled by default
[66]		Yes[66]NoNoNoYes[39]NoNot affected
[67]		Not affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
1.5Enabled by defaultEnabled by defaultYesNoNoNoYesNoNot affectedNot affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
2Disabled by default
[66][68]		Enabled by defaultYesNoNoNoYesYes[40]Not affectedNot affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
3–7Disabled by defaultEnabled by defaultYesNoNoYesYesYesNot affectedNot affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
8–10
ESR 10		No[68]Enabled by defaultYesNoNoYesYesYesNot affectedNot affectedVulnerableVulnerableNot affectedVulnerableYes[n 10]
11–14NoEnabled by defaultYesNoNoYesYesYesNot affectedVulnerable
(SPDY)[49]		VulnerableVulnerableNot affectedVulnerableYes[n 10]
15–22
ESR 17.0–17.0.10		NoEnabled by defaultYesNoNoYesYesYesNot affectedMitigatedVulnerableVulnerableNot affectedVulnerableYes[n 10]
ESR 17.0.11NoEnabled by defaultYesNoNoYesYesYesNot affectedMitigatedVulnerableLowest priority
[69][70]		Not affectedVulnerableYes[n 10]
23NoEnabled by defaultYesDisabled by default
[71]		NoYesYesYesNot affectedMitigatedVulnerableVulnerableNot affectedVulnerableYes[n 17]
24, 25.0.0
ESR 24.0–24.1.0		NoEnabled by defaultYesDisabled by defaultDisabled by default
[73]		YesYesYesNot affectedMitigatedVulnerableVulnerableNot affectedVulnerableYes[n 17]
25.0.1, 26
ESR 24.1.1		NoEnabled by defaultYesDisabled by defaultDisabled by defaultYesYesYesNot affectedMitigatedVulnerableLowest priority
[69][70]		Not affectedVulnerableYes[n 17]
27–33
ESR 31.0–31.2		NoEnabled by defaultYesYes[74][75]Yes[76][75]YesYesYesNot affectedMitigatedVulnerableLowest priorityNot affectedVulnerableYes[n 17]
34, 35
ESR 31.3–31.7		NoDisabled by default
[77][78]		YesYesYesYesYesYesNot affectedMitigatedMitigated
[n 18]		Lowest priorityNot affectedVulnerableYes[n 17]
ESR 31.8NoDisabled by defaultYesYesYesYesYesYesNot affectedMitigatedMitigatedLowest priorityNot affectedMitigated[81]Yes[n 17]
36–38
ESR 38.0		NoDisabled by defaultYesYesYesYesYesYesNot affectedMitigatedMitigatedOnly as fallback
[n 15][82]		Not affectedVulnerableYes[n 17]
ESR 38.1,
ESR 38.2		ESR 38.3NoDisabled by defaultYesYesYesYesYesYesNot affectedMitigatedMitigatedOnly as fallback
[n 15]		Not affectedMitigated[81]Yes[n 17]
39, 4041NoNo[83]YesYesYesYesYesYesNot affectedMitigatedNot affectedOnly as fallback
[n 15]		Not affectedMitigated[81]Yes[n 17]
42
43NoNoYesYesYesYesYesYesNot affectedMitigatedNot affectedWhitelisted hosts only
[n 19]		Not affectedMitigatedYes[n 17]
44ESR 45NoNoYesYesYesYesYesYesNot affectedMitigatedNot affectedNot affected[n 20]Not affectedMitigatedYes[n 17]
BrowserVersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0TLS 1.1TLS 1.2EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Microsoft Internet Explorer
[n 21]		1.xWindows 3.195,NT[n 22],[n 23]
Mac OS 78		No SSL/TLS support
2YesNoNoNoNoNoNoNoNo SSL 3.0 or TLS supportVulnerableVulnerableVulnerableN/A
3YesYes[87]NoNoNoNoNoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableUnknown
45Windows 3.19598,NT[n 22],[n 23]
Mac OS 7.18X,
Solaris,HP-UX		Enabled by defaultEnabled by defaultDisabled by default
[87]		NoNoNoNoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableYes[n 10]
6Windows 98ME,NT[n 22]2000[n 23]Enabled by defaultEnabled by defaultDisabled by default
[87]		NoNoNoNoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableYes[n 10]
6Windows XP[n 23]Enabled by defaultEnabled by defaultDisabled by defaultNoNoNoYes
[n 24] [88]		NoMitigatedNot affectedVulnerableVulnerableVulnerableVulnerableYes[n 10]
6Server 2003[n 23]Enabled by defaultEnabled by defaultDisabled by defaultNoNoNoYes
[n 24] [88]		NoMitigatedNot affectedVulnerableVulnerableMitigated
[91]		Mitigated
[92]		Yes[n 10]
78Windows XP[n 23]Disabled by default
[93]		Enabled by defaultYes[93]NoNoYesYes
[n 24] [88]		NoMitigatedNot affectedVulnerableVulnerableVulnerableVulnerableYes[n 10]
78Server 2003[n 23]Disabled by default
[93]		Enabled by defaultYes[93]NoNoYesYes
[n 24] [88]		NoMitigatedNot affectedVulnerableVulnerableMitigated
[91]		Mitigated
[92]		Yes[n 10]
78[n 25]9Windows VistaDisabled by defaultEnabled by defaultYesNoNoYesYesYes[40]MitigatedNot affectedVulnerableVulnerableMitigated
[91]		Mitigated
[92]		Yes[n 10]
Server 2008
8910[n 25]Windows 7Disabled by defaultEnabled by defaultYesDisabled by default
[95]		Disabled by default
[95]		YesYesYesMitigatedNot affectedVulnerableLowest priority
[96][n 26]		Mitigated
[91]		Mitigated
[92]		Yes[n 10]
Server 2008 R2
10[n 25]Windows 8Disabled by defaultEnabled by defaultYesDisabled by default
[95]		Disabled by default
[95]		YesYesYesMitigatedNot affectedVulnerableLowest priority
[96][n 26]		Mitigated
[91]		Mitigated
[92]		Yes[n 10]
10Server 2012
11Windows 7Disabled by defaultDisabled by default
[n 27]		YesYes[98]Yes[98]YesYesYesMitigatedNot affectedMitigated
[n 27]		Lowest priority
[96][n 26]		Mitigated
[91]		Mitigated
[92]		Yes[n 10]
Server 2008 R2
11Windows 8.1Disabled by defaultDisabled by default
[n 27]		YesYes[98]Yes[98]YesYesYesMitigatedNot affectedMitigated
[n 27]		Only as fallback
[n 15][102][103]		Mitigated
[91]		Mitigated
[92]		Yes[n 10]
Server 2012 R2
Microsoft Edge[n 28]
and (as fallback)
Internet Explorer[n 21]		IE 11Edge[n 29]Windows 10Disabled by defaultDisabled by defaultYesYesYesYesYesYesMitigatedNot affectedMitigatedOnly as fallback
[n 15]		MitigatedMitigatedYes[n 10]
Server 2016
Microsoft Internet Explorer Mobile
[n 21]		7, 9Windows Phone 7, 7.5, 7.8Disabled by default
[93]		Enabled by defaultYesNo
[citation needed]		No
[citation needed]		No
[citation needed]		YesYes[64]UnknownNot affectedVulnerableVulnerableVulnerableVulnerableOnly with 3rd party tools[n 30]
10Windows Phone 8Disabled by defaultEnabled by defaultYesDisabled by default
[108]		Disabled by default
[108]		No
[citation needed]		YesYes[109]MitigatedNot affectedVulnerableVulnerableVulnerableVulnerableOnly with 3rd party tools[n 30]
11Windows Phone 8.1Disabled by defaultEnabled by defaultYesYes[110]Yes[110]No
[citation needed]		YesYesMitigatedNot affectedVulnerableOnly as fallback
[n 15][102][103]		VulnerableVulnerableOnly with 3rd party tools[n 30]
Microsoft Edge
[n 28]		EdgeWindows 10 MobileDisabled by defaultDisabled by defaultYesYesYesYesYesYesMitigatedNot affectedMitigatedOnly as fallback
[n 15]		MitigatedUnknownUnknown
BrowserVersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0TLS 1.1TLS 1.2EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Opera Browser
(Opera Mobile)
(Pre-Presto and Presto)
[n 31]		1-2Windows
OS X
Linux
Android
Symbian S60
Maemo
Windows Mobile		No SSL/TLS support[112]
3Yes[113]NoNoNoNoNoNoNoNo SSL 3.0 or TLS supportVulnerableUnknownUnknownN/A
4YesYes[114]NoNoNoNoNoNoVulnerableNot affectedVulnerableVulnerableUnknownUnknownUnknown
5Enabled by defaultEnabled by defaultYes[115]NoNoNoNoNoVulnerableNot affectedVulnerableVulnerableUnknownUnknownYes[n 10]
6-7Enabled by defaultEnabled by defaultYes[115]NoNoNoYes[39]NoVulnerableNot affectedVulnerableVulnerableUnknownUnknownYes[n 10]
8Enabled by defaultEnabled by defaultYesDisabled by default
[116]		NoNoYesNoVulnerableNot affectedVulnerableVulnerableUnknownUnknownYes[n 10]
9Disabled by default
[117]		Enabled by defaultYesYesNosince v9.5
(only desktop)		YesNoVulnerableNot affectedVulnerableVulnerableUnknownUnknownYes[n 10]
10–11.52No[118]Enabled by defaultYesDisabled by defaultDisabled by default
[118]		Yes
(only desktop)		YesNoVulnerableNot affectedVulnerableVulnerableUnknownUnknownYes[n 10]
11.60–11.64NoEnabled by defaultYesDisabled by defaultDisabled by defaultYes
(only desktop)		YesNoMitigated
[119]		Not affectedVulnerableVulnerableUnknownUnknownYes[n 10]
12–12.14NoDisabled by default
[n 32]		YesDisabled by defaultDisabled by defaultYes
(only desktop)		YesNoMitigatedNot affectedMitigated
[n 32]		VulnerableUnknownMitigated[121]Yes[n 10]
12.15–12.17NoDisabled by defaultYesDisabled by defaultDisabled by defaultYes
(only desktop)		YesNoMitigatedNot affectedMitigatedPartly mitigated
[122][123]		UnknownMitigated[121]Yes[n 10]
Opera Browser
(Opera Mobile)
(Webkit and Blink)
[n 33]		14–16Windows (XP+)
OS X (10.7+)
Linux
Android (4.0+)		NoEnabled by defaultYesYes[126]No[126]Yes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedMitigatedVulnerableVulnerableVulnerable
(except Windows)		VulnerableTemporary
[n 11]
17–19NoEnabled by defaultYesYes[127]Yes[127]Yes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedMitigatedVulnerableVulnerableVulnerable
(except Windows)		VulnerableTemporary
[n 11]
20–24NoEnabled by defaultYesYesYesYes
(only desktop)		needs SHA-2 compatible OS[39]needs ECC compatible OS[40]Not affectedMitigatedPartly mitigated
[n 34]		Lowest priority
[128]		Vulnerable
(except Windows)		VulnerableTemporary
[n 11]
25, 26NoEnabled by default
[n 35]		YesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedMitigated
[n 36]		Lowest priorityVulnerable
(except Windows)		VulnerableTemporary
[n 11]
27NoDisabled by default
[59]		YesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedMitigated
[n 37]		Lowest priorityVulnerable
(except Windows)		VulnerableYes[n 38]
(only desktop)
28, 29NoDisabled by defaultYesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedMitigatedLowest priorityMitigatedVulnerableYes[n 38]
(only desktop)
30NoDisabled by defaultYesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedMitigatedOnly as fallback
[n 15][60]		MitigatedMitigated[121]Yes[n 38]
(only desktop)
3132NoNo[61]YesYesYesYes
(only desktop)		Yesneeds ECC compatible OS[40]Not affectedMitigatedNot affectedOnly as fallback
[n 15][60]		MitigatedMitigatedTemporary
[n 11]
BrowserVersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0TLS 1.1TLS 1.2EV certificateSHA-2 certificateECDSA certificateBEASTCRIMEPOODLE (SSLv3)RC4FREAKLogjamProtocol selection by user
Apple Safari
[n 39]		1Mac OS X 10.210.3No[133]YesYesNoNoNoNoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
2–5Mac OS X 10.410.5,Win XPNoYesYesNoNosince v3.2NoNoVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
3–5Vista,Win 7NoYesYesNoNosince v3.2NoYes[64]VulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
4–6Mac OS X 10.610.7NoYesYesNoNoYesYes[39]Yes[40]VulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
6OS X 10.8NoYesYesNoNoYesYesYes[40]Mitigated
[n 40]		Not affectedMitigated
[n 41]		Vulnerable
[n 41]		Mitigated
[139]		VulnerableNo
79OS X 10.9NoYesYesYes[140]Yes[140]YesYesYesMitigated
[135]		Not affectedMitigated
[n 41]		Vulnerable
[n 41]		Mitigated
[139]		VulnerableNo
89OS X 10.10NoYesYesYesYesYesYesYesMitigatedNot affectedMitigated
[n 41]		Lowest priority
[141][n 41]		Mitigated
[139]		Mitigated
[142]		No
9OS X 10.11NoNoYesYesYesYesYesYesMitigatedNot affectedNot affectedLowest priorityMitigatedMitigatedNo
Apple Safari
(mobile)
[n 42]		3iPhone OS 1, 2No[146]YesYesNoNoNoNoUnknownVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
4, 5iPhone OS 3iOS 4NoYesYesNoNoYes[147]Yessince iOS 4[64]VulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
5, 6iOS 56NoYesYesYes[143]Yes[143]YesYesYesVulnerableNot affectedVulnerableVulnerableVulnerableVulnerableNo
7iOS 7NoYesYesYesYesYesYesYes[148]Mitigated
[149]		Not affectedVulnerableVulnerableVulnerableVulnerableNo
8iOS 8NoYesYesYesYesYesYesYesMitigatedNot affectedMitigated
[n 41]		Lowest priority
[150][n 41]		Mitigated
[151]		Mitigated
[152]		No
9iOS 9NoNoYesYesYesYesYesYesMitigatedNot affectedNot affectedLowest priorityMitigatedMitigatedNo
BrowserVersionPlatformsSSL 2.0 (insecure)SSL 3.0 (insecure)TLS 1.0TLS 1.1TLS 1.2EV
[n 3]		SHA-2ECDSABEAST[n 4]CRIME[n 5]POODLE (SSLv3)[n 6]RC4[n 7]FREAK[41][42]LogjamProtocol selection by user
SSL protocolsTLS protocolsCertificate SupportVulnerabilities fixed
Color or NoteSignificance
Browser versionPlatform
Browser versionOperating systemFuture release; under development
Browser versionOperating systemCurrent latest release
Browser versionOperating systemFormer release; still supported
Browser versionOperating systemFormer release; long-term support still active, but will end in less than 12 months
Browser versionOperating systemFormer release; no longer supported
n/aOperating systemMixed / Unspecified
Operating system (Version+)Minimum required operating system version (for the current latest version of the browser)
Operating systemNo longer supported for this operating system

 

 

 

传输层安全协议 SSL/TLS 详细介绍
dvlinker的技术专栏
03-25 5611
本文对SSL和TLS协议进行个详细的介绍,以便于大家更直观的理解和认识标准TLS协议
SSL协议详解
热门推荐
ikta的博客
12-17 1万+
SSL协议分为两层,下层为==SSL记录协议==,上层为==SSL握手协议SSL密码变化协议SSL警告协议。== 1.下层为SSL记录协议,主要作用是为高层协议提供基本的安全服务 > 建立在可靠的传输之上,负责对上层的数据进行分块、压缩、计算并添加MAC(消息验证码) 、加密,最后把记录块传输给对方。 2.上层为SSL握手协议SSL密码变化协议SSL报警协议 >1> SSL握手协议SSL握手协议被封装在SSL记录协议中,该协议允许服务器与客户端在应用程序传输和接收数据之前互相认证、协商加
SSL协议概述
涂睿的专栏
01-17 2880
 SSL协议概述 提供网络安全服务可以在不同层次提供。通用的解决方法是在网络层使用IPSec,IPSec对于最终用户和应用程序是透明的。另个比较通用的解决方法是在TCP上实现安全性,在这级,有两种实现选择,SSL(或TLS)可以作为基本协议族的个部分提供,因此对应用程序透明,二是将SSL嵌入到软件中,如嵌入到Web浏览器与Web服务器。与应用有关的安全服务也可以
SSL协议概述(二)
涂睿的专栏
01-17 2553
 二、SSL记录协议 SSL在记录协议SSL连接提供两种服务:机密性和报文完整性。SSL协议中,所有的传输数据都被封装在记录中。记录是由记录头和长度不为0的记录数据组成的。所有的SSL通信都使用SSL记录层,记录协议封装上层的握手协议、警告协议、改变密码格式协议和应用数据协议SSL记录协议包括了记录头和记录数据格式的规定。SSL主要的操作见图图13.3 SS
SSL (Secure Socket Layer)
welcomejzh的专栏
01-09 713
SSL (Secure Socket Layer)为Netscape所研发,用以保障在Internet上数据传输之安全,利用数据加密(Encryption)技术,可确保数据在网络上之传输过程中不会被截取及窃听。目前般通用之规格为40 bit之安全标准,美国则已推出128 bit之更高安全标准,但限制出境。只要3.0版本以上之I.E.或Netscape浏览器即可支持SSL。 当前版本为3.0。它已
物联网开发_跨平台移动应用开发_Cordova插件_MQTT协议_Android_iOS_Windows_UWP_SSL_TLS加密_消息队列遥测传输_客户端实现_多平台支持_设备间通信_远程.zip
最新发布
06-17
附赠资源.pdf提供了关于物联网开发的额外资料,简介.txt概述了整个项目的概况和内容,而“物联网开发_跨平台移动应用开发_Cordova插件_MQTT”这文件名称暗示了文件中包含了关于使用Cordova插件进行基于MQTT协议的...
计算机网络_第六章_安全套接层协议SSL_77.pptx
11-23
SSL协议概述SSL(Secure Sockets Layer,安全套接层)是计算机网络领域中广泛使用的安全协议,其目标是为TCP提供端到端的安全服务,确保通信双方的数据保密性和完整性,同时也支持双方身份的验证。SSL最初由...
mod_ssl-2.6.0-1.3.12.tar.gz_mod_ssl
09-20
1. **作用**:mod_ssl是Apache的个核心模块,它的主要任务是通过SSL/TLS协议提供安全的网络连接。这包括证书管理、加密算法选择、会话缓存等功能,使得用户可以通过HTTPS访问网站,进行安全的网上交易、登录或其他...
SSL协议
cliff,的博客
11-23 1939
SSL协议的原理
什么是SSL协议
ysds20211402的博客
02-09 5459
转自:微点阅读https://www.weidianyuedu.com 什么是SSL协议SSL协议种安全传输协议SSL是SecureSocketLayer的缩写,即安全套接层协议。该协议最初由Netscape企业发展而来,目前已经成为互联网上用来鉴别网站和网页浏览者的身份,以及在浏览器使用者及网页服务器之间进行加密通讯的全球化标准协议。由于SSL技术已建立到了所有主要的浏览器和WEB服务器程序当中,因此,仅需安装数字证书,或服务器证书就可以激活服务器功能了。 SSL协议能够对信用卡和..
SSL协议具体解释
weixin_33859665的博客
06-07 216
背景介绍    近期在看《password学与网络安全》相关的书籍,这篇文章主要具体介绍下著名的网络安全协议SSL。      在開始SSl介绍之前,先给大家介绍几个password学的概念和相关的知识。     1、password学的相关概念 password学(cryptography):目的是通过将信息编码使其不可读,从而达到安全性。 明文(plain text):...
什么是SSL协议,浅谈SSL协议
ysds20211402的博客
04-02 965
转自:微点阅读https://www.weidianyuedu.com 什么是SSL协议SSL协议种安全传输协议SSL是SecureSocketLayer的缩写,即安全套接层协议。该协议最初由Netscape企业发展而来,目前已经成为互联网上用来鉴别网站和网页浏览者的身份,以及在浏览器使用者及网页服务器之间进行加密通讯的全球化标准协议。由于SSL技术已建立到了所有主要的浏览器和WEB服务器程序当中,因此,仅需安装数字证书,或服务器证书就可以激活服务器功能了。 SSL协议能够对信用卡和..
SSL协议介绍】
qq_55213436的博客
07-19 3735
SSL协议,即安全套接字层。可用于保护正常运行于TCP之上的任何应用协议,如HTTP、FTP、SMTP或Telnet的通信,最常见的是用SSL来保护HTTP的通信。SSL协议的优点在于它是与应用层协议无关的。高层的应用协议(如HTTP、FTP、Telnet等)能透明地建立于SSL协议之上。SSL协议在应用层协议之前就已经完成加密算法、通信密钥的协商以及服务器的认证工作。在此之后应用层协议所传送的数据都会被加密,从而保证通信的安全性。客户对服务器的身份认证。...
评论
成就一亿技术人!
拼手气红包6.0元
还能输入1000个字符
 
红包 添加红包
表情包 插入表情
表情包 代码片
 条评论被折叠 查看
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值