ABSTRACT
Secure Sockets Layer (SSL) and Transport Layer Security (TLS) are two widely used protocols to secure exchanges at the transport layer between a client and a server. SSL Version 1.0 was used internally within Netscape. Version 2.0 was released to the public in 1994 and integrated into the Netscape Navigator. Version 3.0 corrected deficiencies found in Version 2.0 and was the basis for RFC 2246 that defined TLS 1.0 in 1999 (Freier et al., 1996; Rescorla, 2001). TLS 1.0 was allowed for use to protect U.S. federal data; in contrast, SSL v3 was tolerated in limited, low-risk circumstances, such as to access vendor sites that did not support TLS (Chernick et al., 2005, p. 21, n. 20). TLS 1.0 was next adapted to wireless communication as Wireless TLS (WTLS). Two updates of TLS in 2006 and 2008, respectively, TLS 1.1 and 1.2, are defined in RFCs 4346 and 5246; these updates included a variety of countermeasures and workarounds to reported security threats. Finally, in 2011, RFC 6151 officially withdrew SSL Version 2.0. In parallel, the Datagram Transport Layer Security (DTLS) of RFC 4347 was defined to run on top of unreliable transport protocols; DTLS was later updated in RFC 6347. WTLS is discussed in Chapter 6.
