- Ciphersuite negotiation
- Master Secret generation (FS)
- Authentication
- Confidentiality
- Integrity
- SSL 2.0 (MD5, MITM Downgrade)
- SSL 3.0 (POODLE)
- TLS 1.0 (BEAST)
- TLS 1.1 (CRIME, BREACH)
- TLS 1.2
-
TLS_RSA_WITH_AES_128_CBC_SHA
- RSA - Key negotiation
- AES128 CBC - symmetric cipher
- SHA1 - HMAC
- Defaults not optimal (SSLLabs)
- Changed via registry keys
- 3rd party tools (IISCrypto)
- Always use HTTPS
- Server redirects (first request)
- Headers and Preloaded lists
- Requires TLS 1.2 No Compression
- Opportunistic encryption
- All implementations so far over TLS
Made with Slides.com