建議停止支援SSL,改為TLS

資安議題研究區

建議停止支援SSL,改為TLS

Postby santin » Mon May 04, 2015 6:04 pm

美國的NIST已認為SSL對於保護資料不再足夠,應改為使用TLS(非新聞,但建議所有網站能注意此資安問題並進行設定):

The National Institute of Standards and Technology (NIST) identified SSL (a cryptographic protocol designed to provide secure communications over a computer network) as not being acceptable for the protection of data due to inherent weaknesses within the protocol. Upgrading to a current, secure version of Transport Layer Security (TLS), the successor protocol to SSL, is the only known way to remediate these vulnerabilities, which have been exploited by browser attacks such as POODLE and BEAST.
santin
 
Posts: 16
Joined: Tue Apr 29, 2014 4:51 pm

Return to 研究專區(Research Area)

cron