GalapagoSSL and TLS1.3


SSL3.0 was killed by the POODLE attack announced in June last year. But is that true? Do we really understand the danger of RC4 (the vulnerability of the algorithm itself)? Do we know of situations where numerous ciphertexts encrypted with the same key have to be obtained? It is a fact that RC4 was sentenced to death at the IETF, but how about actual use? Is actual use consistent with the guidelines published by CRYPTREC?

Furthermore, with the FREAK attack in March and the Logjam attack in May this year, I will gather the facts with which I can answer questions like 'Can we truly operate SSL/TLS servers safely?' and 'Do we need to migrate to TLS1.3, the Messiah who will relieve us of these issues?' Then I would like to have a discussion with you.


  • Yuji Suga (IIJ/Cryptographic protocol Evaluation toward Long-Lived Outstanding Security (CELLOS) Consortium)

