- Not only is TLS more secure and performant, most modern web browsers no longer support SSL 2.0 and SSL 3.0. For example, Google Chrome stopped supporting SSL 3.0 all the way back in 2014, and most major browsers are planning to stop supporting TLS 1.0 and TLS 1.1 in 2020.
- When using wget, it seems to work fine. It also works when testing with openssl as below:

    $ openssl s_client -connect thepiratebay.se:443
    CONNECTED(00000003)
    SSL handshake has read 2651 bytes and written 456 bytes
    New, TLSv1/SSLv3, Cipher is AES128-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    SSL-Session:
        Protocol: TLSv1
        Cipher: AES128-SHA

- Checking whether a server accepts any of a list of weak ciphers:

    $ echo | openssl s_client -connect example.com:443 -cipher '3DES DES RC2 RC4 IDEA SEED CAMELLIA MD5 aNULL eNULL EXPORT LOW' 2>/dev/null | grep New
    New, TLSv1/SSLv3, Cipher is DHE-RSA-CAMELLIA256-SHA
SSLv3 was created and, together with the newer TLSv1/1.1/1.2, is still used to secure the transport layer of the Internet. As happened with SSLv2, Google engineers recently pointed out that SSLv3 is broken (with an exploitation technique known as POODLE) and should no longer be used.
If you want to install apache2 with SSL support, check here. Once you have everything ready, you need to configure your SSL for good security.
Although SSL is the best known and the most popular, it is not the only protocol that has been used for the purpose of securing web transactions. It is important to know that since the invention of SSL v1.0 (which was never released, by the way) there have been at least five protocols that have played a more or less important role in securing access to the World Wide Web, as we see below:
SSL v2.0
Released by Netscape Communications in 1994. The main goal of this protocol was to provide security for transactions over the World Wide Web. Unfortunately, a number of security weaknesses were quickly found in this initial version of the SSL protocol, making it less reliable for commercial use:
- weak MAC construction
- possibility of forcing parties to use weaker encryption
- no protection for handshakes
- possibility of an attacker performing truncation attacks
SSL v3.0
Released in 1996 by Netscape Communications. SSL v3.0 solved most of the SSL v2.0 problems and incorporated many of the features of PCT. It quickly became the most popular protocol for securing communication over the WWW.
TLS v1.0 (also known as SSL v3.1)
Published by the IETF in 1999 (RFC 2246). This protocol is based on SSL v3.0 and PCT and harmonizes both Netscape’s and Microsoft’s approaches. It is important to note that although TLS is based on SSL, it is not 100% backward compatible with its predecessor. The IETF made some security improvements, such as using HMAC instead of MAC, using a different calculation of the master secret and key material, adding additional alert codes, dropping support for Fortezza cipher suites, and so on. The end result of these improvements is that these protocols don’t fully interoperate. Fortunately, TLS also has a mode to fall back to SSL v3.0.
Configuring SSLv3 and TLSv1 in Apache Hosts
If you want to enable SSL version 3 and TLS v1.0 for more security, add the following line under the SSL section of your Apache hosts configuration file:
SSLProtocol -all +SSLv3 +TLSv1
Once you have added this line, you need to restart your Apache web server with the following command
Testing your SSL Version
If you want to check the SSL version details of a particular host, use the following command:
# openssl s_client -connect localhost:443
Replace localhost with your website's hostname.
The output looks like this:
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
Protocol : SSLv3
Cipher : DHE-RSA-AES256-SHA
Key-Arg : None
Start Time: 1101164382
Timeout : 300 (sec)
Verify return code: 18 (self signed certificate)
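
A small checker for the `openssl s_client` output shown above, as an added example that is not part of the original page: it parses the negotiated protocol, cipher, key size and verify code and returns a list of findings. The policy it applies (SSLv2/SSLv3 treated as broken, TLSv1/TLSv1.1 as deprecated, a 2048-bit minimum key, the weak-cipher pattern) and the names `parse_s_client` and `audit` are assumptions of this example.

```python
import re
# Assumed policy for this example (not from the original page).
BROKEN = {"SSLv2", "SSLv3"}          # SSLv3: POODLE
DEPRECATED = {"TLSv1", "TLSv1.1"}
MIN_KEY_BITS = 2048
WEAK_CIPHER = re.compile(r"\b(RC4|DES|MD5|NULL|EXP)")

# Constructed sample, modelled on the s_client output shown above.
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 1024 bit
    Protocol  : SSLv3
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 18 (self signed certificate)
"""

PATTERNS = {
    "protocol": r"^[ \t]*Protocol[ \t]*:[ \t]*(\S+)",
    "cipher": r"^[ \t]*Cipher[ \t]*:[ \t]*(\S+)",
    "key_bits": r"^[ \t]*Server public key is (\d+) bit",
    "verify": r"^[ \t]*Verify return code:[ \t]*(\d+)[ \t]*\((.*?)\)",
}

def parse_s_client(text):
    """Extract the session fields of interest from `openssl s_client` output."""
    fields = {}
    for name, pattern in PATTERNS.items():
        m = re.search(pattern, text, re.MULTILINE)
        if m:
            fields[name] = m.groups() if name == "verify" else m.group(1)
    return fields

def audit(text):
    """Return a list of findings; an empty list means nothing was flagged."""
    fields, findings = parse_s_client(text), []
    proto = fields.get("protocol")
    if proto is None:
        findings.append("no session negotiated (handshake failed or output truncated)")
    elif proto in BROKEN:
        findings.append(f"{proto} negotiated: broken protocol")
    elif proto in DEPRECATED:
        findings.append(f"{proto} negotiated: deprecated protocol")
    if int(fields.get("key_bits", MIN_KEY_BITS)) < MIN_KEY_BITS:
        findings.append(f"server key is {fields['key_bits']} bit, below {MIN_KEY_BITS}")
    if WEAK_CIPHER.search(fields.get("cipher", "")):
        findings.append(f"weak cipher suite {fields['cipher']}")
    if "verify" in fields and fields["verify"][0] != "0":
        findings.append("certificate verify code %s: %s" % fields["verify"])
    return findings
```

For a host configured with `SSLProtocol -all +SSLv3 +TLSv1` as above, a negotiated SSLv3 or TLSv1 session appears as the first finding.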