Bruce Schneier

 

Home

Blog

Crypto-Gram Newsletter

Books

Essays and Op Eds

News and Interviews

Audio and Video

Speaking Schedule

Password Safe

Cryptography

Contact Information

 

Analysis of the SSL 3.0 Protocol

D. Wagner and B. Schneier

The Second USENIX Workshop on Electronic Commerce Proceedings, USENIX Press, November 1996, pp. 29-40.

ABSTRACT: The SSL protocol is intended to provide a practical, application-layer, widely applicable connection-oriented mechanism for Internet client/server communications security. This note gives a detailed technical analysis of the cryptographic strength of the SSL 3.0 protocol. A number of minor flaws in the protocol and several new active attacks on SSL are presented; however, these can be easily corrected without overhauling the basic structure of the protocol. We conclude that while there are still a few technical wrinkles to iron out, on the whole SSL 3.0 is a valuable contribution towards practical communications security.

[published version - postscript] [published version - PDF (Acrobat)]
[revised version - postscript] [revised version - PDF (Acrobat)]

Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.

 
Search
Crypto-Gram Newsletter
A free monthly e-mail newsletter on security and security technology.
read more
New Book
Schneier on Security book cover
more books by Bruce Schneier
Schneier on Security
A blog covering security and security technology.
read more