Transport Layer Security
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols designed to provide communications security over computer networks.[1] Several versions of the protocols are in widespread use in applications such as web browsing, email, Internet faxing, instant messaging, and voice over IP. Major websites (including Google, YouTube, Facebook and others) use TLS to secure all communications between their servers and web browsers.
Description
Most of the protocol's procedures are carried out at the start of the information exchange, when a secure communication channel is requested: the protocol begins when the user's computer requests authentication from the server. The user's request specifies the encryption algorithm that can be used, along with a challenge text. (The challenge text is, in short, random material that is returned inside encrypted content to prevent the retransmission of previously used encrypted texts, which means that the challenge text differs from those encrypted texts.)
The authentication that the server returns takes the form of a certificate containing a signature over the server's public key, together with the server's preferences for the encryption algorithm to be used. The user's computer then generates a master key, encrypts it with the server's key, and sends the result to the server. The server then returns the message encrypted with the master key, and this key is used to generate the keys needed for sending messages.
History and development
Defined | |
---|---|
Protocol | Year |
SSL 1.0 | n/a |
SSL 2.0 | 1995 |
SSL 3.0 | 1996 |
TLS 1.0 | 1999 |
TLS 1.1 | 2006 |
TLS 1.2 | 2008 |
TLS 1.3 | TBD |
Secure network programming
SSL 1.0, 2.0 and 3.0
TLS 1.0
TLS 1.1
TLS 1.2
TLS 1.3 (draft)
Digital certificates
Algorithms
Applications and adoption
The SSL protocol can encrypt all communications between sockets immediately and without user intervention, which provides security support for all Internet applications, in particular email, Telnet, and the File Transfer Protocol, in addition to the various exchanges that take place on the Web, all of which can be protected by SSL.
Websites
Protocol version | Website support[2] | Security[2][3] |
---|---|---|
SSL 2.0 | 10.4% (−0.4%) | Insecure |
SSL 3.0 | 32.6% (−1.2%) | Insecure[4] |
TLS 1.0 | 99.0% (−0.2%) | Depends on cipher[n 1] and client mitigations[n 2] |
TLS 1.1 | 65.7% (+1.4%) | Depends on cipher[n 1] and client mitigations[n 2] |
TLS 1.2 | 67.9% (+1.4%) | Depends on cipher[n 1] and client mitigations[n 2] |
TLS 1.3 (Draft) | N/A |
- Notes
- [n 1] see #Cipher table below
- [n 2] see #Web browsers and #Attacks against TLS/SSL sections
Web browsers
Browser | Version | Platforms | SSL protocols | TLS protocols | Certificate Support | Vulnerabilities fixed[n 1] | Protocol selection by user [n 2] | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | EV [n 3][5] | SHA-2 [6] | ECDSA [7] | BEAST[n 4] | CRIME[n 5] | POODLE (SSLv3)[n 6] | RC4[n 7] | FREAK[8][9] | Logjam | |||||
Google Chrome (Chrome for Android) [n 8] [n 9] | 1–9 | Windows (XP SP2+) OS X (10.7+) Linux Android (4.0+) iOS (7.0+) Chrome OS | Disabled by default | Enabled by default | Yes | No | No | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected [14] | Vulnerable (HTTPS) | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Yes[n 10] | |
10–20 | No[15] | Enabled by default | Yes | No | No | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Vulnerable (HTTPS/SPDY) | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Yes[n 10] | |||
21 | No | Enabled by default | Yes | No | No | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Mitigated [16] | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Yes[n 10] | |||
22–25 | No | Enabled by default | Yes | Yes[17] | No[17][18][19][20] | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
26–29 | No | Enabled by default | Yes | Yes | No | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
30–32 | No | Enabled by default | Yes | Yes | Yes[18][19][20] | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
33–37 | No | Enabled by default | Yes | Yes | Yes | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Mitigated | Partly mitigated [n 12] | Lowest priority [23][24][25] | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
38, 39 | No | Enabled by default | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Partly mitigated | Lowest priority | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
40 | No | Disabled by default [22][26] | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Mitigated [n 13] | Lowest priority | Vulnerable (except Windows) | Vulnerable | Yes[n 14] | |||
41, 42 | No | Disabled by default | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Mitigated | Lowest priority | Mitigated | Vulnerable | Yes[n 14] | |||
43 | No | Disabled by default | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Mitigated | Only as fallback [n 15][27] | Mitigated | Vulnerable | Yes[n 14] | |||
44–46 | 47 | No | No[28] | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Not affected | Only as fallback [n 15] | Mitigated | Mitigated[29] | Temporary [n 11] | ||
Google Android OS Browser [30] | Android 1.0, 1.1, 1.5, 1.6, 2.0–2.1, 2.2–2.2.3 | No | Enabled by default | Yes | No | No | Unknown | No | No | Unknown | Unknown | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
Android 2.3–2.3.7, 3.0–3.2.6, 4.0–4.0.4, 4.1–4.3.1 | No | Enabled by default | Yes | No | No | Unknown | Yes[6] | since Android OS 3.0[31] | Unknown | Unknown | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
Android 4.4–4.4.4 | No | Enabled by default | Yes | Disabled by default | Disabled by default | Unknown | Yes | Yes[7] | Unknown | Unknown | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
Android 5.0-5.0.2 | No | Enabled by default | Yes | Yes[32] | Yes[32] | Unknown | Yes | Yes | Unknown | Unknown | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
Android 5.1-5.1.1 | No | No | Yes | Yes | Yes | Unknown | Yes | Yes | Unknown | Unknown | Not affected | Only as fallback [n 15] | Mitigated | Mitigated | No | |||
Android 6.0 | No | No | Yes | Yes | Yes | Unknown | Yes | Yes | Unknown | Unknown | Not affected | Unknown | Mitigated | Mitigated | Unknown | |||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Mozilla Firefox (Firefox for mobile) [n 16] | 1.0 | Windows (XP SP2+) OS X (10.6+) Linux Android (2.3+) iOS (8.2+) Firefox OS ESR only for: Windows (XP SP2+) OS X (10.6+) Linux | Enabled by default [33] | Enabled by default [33] | Yes[33] | No | No | No | Yes[6] | No | Not affected [34] | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |
1.5 | Enabled by default | Enabled by default | Yes | No | No | No | Yes | No | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
2 | Disabled by default [33][35] | Enabled by default | Yes | No | No | No | Yes | Yes[7] | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
3–7 | Disabled by default | Enabled by default | Yes | No | No | Yes | Yes | Yes | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
8–10 ESR 10 | No[35] | Enabled by default | Yes | No | No | Yes | Yes | Yes | Not affected | Not affected | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
11–14 | No | Enabled by default | Yes | No | No | Yes | Yes | Yes | Not affected | Vulnerable (SPDY)[16] | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
15–22 ESR 17.0–17.0.10 | No | Enabled by default | Yes | No | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 10] | |||
ESR 17.0.11 | No | Enabled by default | Yes | No | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority [36][37] | Not affected | Vulnerable | Yes[n 10] | |||
23 | No | Enabled by default | Yes | Disabled by default [38] | No | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 17] | |||
24, 25.0.0 ESR 24.0–24.1.0 | No | Enabled by default | Yes | Disabled by default | Disabled by default [40] | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Vulnerable | Not affected | Vulnerable | Yes[n 17] | |||
25.0.1, 26 ESR 24.1.1 | No | Enabled by default | Yes | Disabled by default | Disabled by default | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority [36][37] | Not affected | Vulnerable | Yes[n 17] | |||
27–33 ESR 31.0–31.2 | No | Enabled by default | Yes | Yes[41][42] | Yes[43][42] | Yes | Yes | Yes | Not affected | Mitigated | Vulnerable | Lowest priority | Not affected | Vulnerable | Yes[n 17] | |||
34, 35 ESR 31.3–31.7 | No | Disabled by default [44][45] | Yes | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Mitigated [n 18] | Lowest priority | Not affected | Vulnerable | Yes[n 17] | |||
ESR 31.8 | No | Disabled by default | Yes | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Lowest priority | Not affected | Mitigated[48] | Yes[n 17] | |||
36–38 ESR 38.0 | No | Disabled by default | Yes | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Only as fallback [n 15][49] | Not affected | Vulnerable | Yes[n 17] | |||
ESR 38.1– ESR 38.3 | ESR 38.4 | No | Disabled by default | Yes | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Mitigated | Only as fallback [n 15] | Not affected | Mitigated[48] | Yes[n 17] | ||
ESR 38.5– ESR 38.8 | ||||||||||||||||||
39–41 | 42 | No | No[50] | Yes | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Only as fallback [n 15] | Not affected | Mitigated[48] | Yes[n 17] | ||
43 | ||||||||||||||||||
44 | ESR 45 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Not affected | Mitigated | Not affected | Not affected[n 19] | Not affected | Mitigated | Yes[n 17] | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Microsoft Internet Explorer [n 20] | 1.x | Windows 3.1, 95, NT[n 21],[n 22] Mac OS 7, 8 | No SSL/TLS support | |||||||||||||||
2 | Yes | No | No | No | No | No | No | No | No SSL 3.0 or TLS support | Vulnerable | Vulnerable | Vulnerable | N/A | |||||
3 | Yes | Yes[56] | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Unknown | |||
4, 5 | Windows 3.1, 95, 98, NT[n 21],[n 22] Mac OS 7.1, 8, X, Solaris, HP-UX | Enabled by default | Enabled by default | Disabled by default [56] | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | ||
6 | Windows 98, ME, NT[n 21], 2000[n 22] | Enabled by default | Enabled by default | Disabled by default [56] | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | ||
6 | Windows XP[n 22] | Enabled by default | Enabled by default | Disabled by default | No | No | No | Yes [n 23] [57] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | ||
6 | Server 2003[n 22] | Enabled by default | Enabled by default | Disabled by default | No | No | No | Yes [n 23] [57] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated [60] | Mitigated [61] | Yes[n 10] | ||
7, 8 | Windows XP[n 22] | Disabled by default [62] | Enabled by default | Yes[62] | No | No | Yes | Yes [n 23] [57] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Yes[n 10] | ||
7, 8 | Server 2003[n 22] | Disabled by default [62] | Enabled by default | Yes[62] | No | No | Yes | Yes [n 23] [57] | No | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated [60] | Mitigated [61] | Yes[n 10] | ||
7, 8[n 24] | 9 | Windows Vista | Disabled by default | Enabled by default | Yes | No | No | Yes | Yes | Yes[7] | Mitigated | Not affected | Vulnerable | Vulnerable | Mitigated [60] | Mitigated [61] | Yes[n 10] | |
Server 2008 | ||||||||||||||||||
8, 9, 10[n 24] | Windows 7 | Disabled by default | Enabled by default | Yes | Disabled by default [64] | Disabled by default [64] | Yes | Yes | Yes | Mitigated | Not affected | Vulnerable | Lowest priority [65][n 25] | Mitigated [60] | Mitigated [61] | Yes[n 10] | ||
Server 2008 R2 | ||||||||||||||||||
10[n 24] | Windows 8 | Disabled by default | Enabled by default | Yes | Disabled by default [64] | Disabled by default [64] | Yes | Yes | Yes | Mitigated | Not affected | Vulnerable | Lowest priority [65][n 25] | Mitigated [60] | Mitigated [61] | Yes[n 10] | ||
10 | Server 2012 | |||||||||||||||||
11 | Windows 7 | Disabled by default | Disabled by default [n 26] | Yes | Yes[67] | Yes[67] | Yes | Yes | Yes | Mitigated | Not affected | Mitigated [n 26] | Lowest priority [65][n 25] | Mitigated [60] | Mitigated [61] | Yes[n 10] | ||
Server 2008 R2 | ||||||||||||||||||
11 | Windows 8.1 | Disabled by default | Disabled by default [n 26] | Yes | Yes[67] | Yes[67] | Yes | Yes | Yes | Mitigated | Not affected | Mitigated [n 26] | Only as fallback [n 15][71][72] | Mitigated [60] | Mitigated [61] | Yes[n 10] | ||
Server 2012 R2 | ||||||||||||||||||
Microsoft Edge[n 27] and (as fallback) Internet Explorer[n 20] | IE 11 | Edge[n 28] | Windows 10 | Disabled by default | Disabled by default | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Only as fallback [n 15] | Mitigated | Mitigated | Yes[n 10] |
Server 2016 | ||||||||||||||||||
Microsoft Internet Explorer Mobile [n 20] | 7, 9 | Windows Phone 7, 7.5, 7.8 | Disabled by default [62] | Enabled by default | Yes | No [citation needed] | No [citation needed] | No [citation needed] | Yes | Yes[31] | Unknown | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Only with 3rd party tools[n 29] | |
10 | Windows Phone 8 | Disabled by default | Enabled by default | Yes | Disabled by default [75] | Disabled by default [75] | No [citation needed] | Yes | Yes[76] | Mitigated | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | Only with 3rd party tools[n 29] | ||
11 | Windows Phone 8.1 | Disabled by default | Enabled by default | Yes | Yes[77] | Yes[77] | No [citation needed] | Yes | Yes | Mitigated | Not affected | Vulnerable | Only as fallback [n 15][71][72] | Vulnerable | Vulnerable | Only with 3rd party tools[n 29] | ||
Microsoft Edge [n 27] | Edge | Windows 10 Mobile | Disabled by default | Disabled by default | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated | Only as fallback [n 15] | Mitigated | Unknown | Unknown | |
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Opera Browser (Opera Mobile) (Pre-Presto and Presto) [n 30] | 1-2 | No SSL/TLS support[79] | ||||||||||||||||
3 | Yes[80] | No | No | No | No | No | No | No | No SSL 3.0 or TLS support | Vulnerable | Unknown | Unknown | N/A | |||||
4 | Yes | Yes[81] | No | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Unknown | |||
5 | Enabled by default | Enabled by default | Yes[82] | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
6-7 | Enabled by default | Enabled by default | Yes[82] | No | No | No | Yes[6] | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
8 | Enabled by default | Enabled by default | Yes | Disabled by default [83] | No | No | Yes | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
9 | Disabled by default [84] | Enabled by default | Yes | Yes | No | since v9.5 (only desktop) | Yes | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
10–11.52 | No[85] | Enabled by default | Yes | Disabled by default | Disabled by default [85] | Yes (only desktop) | Yes | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
11.60–11.64 | No | Enabled by default | Yes | Disabled by default | Disabled by default | Yes (only desktop) | Yes | No | Mitigated [86] | Not affected | Vulnerable | Vulnerable | Unknown | Unknown | Yes[n 10] | |||
12–12.14 | No | Disabled by default [n 31] | Yes | Disabled by default | Disabled by default | Yes (only desktop) | Yes | No | Mitigated | Not affected | Mitigated [n 31] | Vulnerable | Unknown | Mitigated[88] | Yes[n 10] | |||
12.15–12.17 | No | Disabled by default | Yes | Disabled by default | Disabled by default | Yes (only desktop) | Yes | No | Mitigated | Not affected | Mitigated | Partly mitigated [89][90] | Unknown | Mitigated[88] | Yes[n 10] | |||
Opera Browser (Opera Mobile) (Webkit and Blink) [n 32] | 14–16 | Windows (XP+) OS X (10.7+) Linux Android (4.0+) | No | Enabled by default | Yes | Yes[93] | No[93] | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |
17–19 | No | Enabled by default | Yes | Yes[94] | Yes[94] | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Mitigated | Vulnerable | Vulnerable | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
20–24 | No | Enabled by default | Yes | Yes | Yes | Yes (only desktop) | needs SHA-2 compatible OS[6] | needs ECC compatible OS[7] | Not affected | Mitigated | Partly mitigated [n 33] | Lowest priority [95] | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
25, 26 | No | Enabled by default [n 34] | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Mitigated [n 35] | Lowest priority | Vulnerable (except Windows) | Vulnerable | Temporary [n 11] | |||
27 | No | Disabled by default [26] | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Mitigated [n 36] | Lowest priority | Vulnerable (except Windows) | Vulnerable | Yes[n 37] (only desktop) | |||
28, 29 | No | Disabled by default | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Mitigated | Lowest priority | Mitigated | Vulnerable | Yes[n 37] (only desktop) | |||
30 | No | Disabled by default | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Mitigated | Only as fallback [n 15][27] | Mitigated | Mitigated[88] | Yes[n 37] (only desktop) | |||
31, 32 | 33 | No | No[28] | Yes | Yes | Yes | Yes (only desktop) | Yes | needs ECC compatible OS[7] | Not affected | Mitigated | Not affected | Only as fallback [n 15][27] | Mitigated | Mitigated | Temporary [n 11] | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | EV certificate | SHA-2 certificate | ECDSA certificate | BEAST | CRIME | POODLE (SSLv3) | RC4 | FREAK | Logjam | Protocol selection by user | |
Apple Safari [n 38] | 1 | Mac OS X 10.2, 10.3 | No[100] | Yes | Yes | No | No | No | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |
2–5 | Mac OS X 10.4, 10.5, Win XP | No | Yes | Yes | No | No | since v3.2 | No | No | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
3–5 | No | Yes | Yes | No | No | since v3.2 | No | Yes[31] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |||
4–6 | Mac OS X 10.6, 10.7 | No | Yes | Yes | No | No | Yes | Yes[6] | Yes[7] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
6 | OS X 10.8 | No | Yes | Yes | No | No | Yes | Yes | Yes[7] | Mitigated [n 39] | Not affected | Mitigated [n 40] | Vulnerable [n 40] | Mitigated [106] | Vulnerable | No | ||
7 | 9 | OS X 10.9 | No | Yes | Yes | Yes[107] | Yes[107] | Yes | Yes | Yes | Mitigated [102] | Not affected | Mitigated [n 40] | Vulnerable [n 40] | Mitigated [106] | Vulnerable | No | |
8 | 9 | OS X 10.10 | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated [n 40] | Lowest priority [108][n 40] | Mitigated [106] | Mitigated [109] | No | |
9 | OS X 10.11 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Lowest priority | Mitigated | Mitigated | No | ||
Apple Safari (mobile) [n 41] | 3 | iPhone OS 1, 2 | No[113] | Yes | Yes | No | No | No | No | Unknown | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | |
4, 5 | iPhone OS 3, iOS 4 | No | Yes | Yes | No | No | Yes[114] | Yes | since iOS 4[31] | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
5, 6 | iOS 5, 6 | No | Yes | Yes | Yes[110] | Yes[110] | Yes | Yes | Yes | Vulnerable | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
7 | iOS 7 | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes[115] | Mitigated [116] | Not affected | Vulnerable | Vulnerable | Vulnerable | Vulnerable | No | ||
8 | iOS 8 | No | Yes | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Mitigated [n 40] | Lowest priority [117][n 40] | Mitigated [118] | Mitigated [119] | No | ||
9 | iOS 9 | No | No | Yes | Yes | Yes | Yes | Yes | Yes | Mitigated | Not affected | Not affected | Lowest priority | Mitigated | Mitigated | No | ||
Browser | Version | Platforms | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | EV [n 3] | SHA-2 | ECDSA | BEAST[n 4] | CRIME[n 5] | POODLE (SSLv3)[n 6] | RC4[n 7] | FREAK[8][9] | Logjam | Protocol selection by user | |
SSL protocols | TLS protocols | Certificate Support | Vulnerabilities fixed |
Color or Note | Significance | |
---|---|---|
Browser version | Platform | |
Browser version | Operating system | Future release; under development |
Browser version | Operating system | Current latest release |
Browser version | Operating system | Former release; still supported |
Browser version | Operating system | Former release; long-term support still active, but will end in less than 12 months |
Browser version | Operating system | Former release; no longer supported |
n/a | Operating system | Mixed / Unspecified |
Operating system (Version+) | Minimum required operating system version (for the current latest version of the browser) | |
No longer supported for this operating system |
- Notes
- [n 1] Whether the browser has mitigations for, or is not vulnerable to, the known attacks. Note that actual security depends on other factors such as negotiated cipher, encryption strength, etc. (see #Cipher table).
- [n 2] Whether a user or administrator can choose the protocols to be used or not. If yes, several attacks such as BEAST (vulnerable in SSL 3.0 and TLS 1.0) or POODLE (vulnerable in SSL 3.0) can be avoided.
- [n 3] Whether EV SSL and DV SSL (normal SSL) can be distinguished by indicators (green lock icon, green address bar, etc.) or not.
- [n 4] e.g. 1/n-1 record splitting.
- [n 5] e.g. Disabling header compression in HTTPS/SPDY.
- [n 6]
  - Complete mitigations; disabling SSL 3.0 itself, "anti-POODLE record splitting". "Anti-POODLE record splitting" is effective only with client-side implementation and valid according to the SSL 3.0 specification; however, it may also cause compatibility issues due to problems in server-side implementations.
  - Partial mitigations; disabling fallback to SSL 3.0, TLS_FALLBACK_SCSV, disabling cipher suites with CBC mode of operation. If the server also supports TLS_FALLBACK_SCSV, the POODLE attack will fail against this combination of server and browser, but connections where the server does not support TLS_FALLBACK_SCSV and does support SSL 3.0 will still be vulnerable. If cipher suites with CBC mode of operation are disabled in SSL 3.0, only cipher suites with RC4 are available, so RC4 attacks become easier.
  - When SSL 3.0 is disabled manually, the POODLE attack will fail.
- [n 7]
  - Complete mitigation; disabling cipher suites with RC4.
  - Partial mitigation to keep compatibility with old systems; setting the priority of RC4 lower.
- [n 8] Google Chrome (and Chromium) supports TLS 1.0, and TLS 1.1 from version 22 (it was added, then dropped from version 21). TLS 1.2 support has been added, then dropped from Chrome 29.[10][11][12]
- [n 9] Uses the TLS implementation provided by BoringSSL for Android, OS X, and Windows[13] or by NSS for Linux. Google is switching the TLS library used in Chrome to BoringSSL from NSS completely.
- [n 10] Enabling/disabling of each protocol can be configured via a setting/option (the menu name depends on the browser).
- [n 11] The maximum and the minimum enabled protocol version can be configured with a command-line option.
- [n 12] TLS_FALLBACK_SCSV is implemented.[21] Fallback to SSL 3.0 is disabled since version 39.[22]
- [n 13] In addition to TLS_FALLBACK_SCSV and disabling a fallback to SSL 3.0, SSL 3.0 itself is disabled by default.[22]
- [n 14] The minimum enabled protocol version can be configured via chrome://flags[26] (the maximum version can be configured with a command-line option).
- [n 15] Cipher suites with RC4 are used as a fallback only when no cipher suites other than RC4 are available.
- [n 16] Uses the TLS implementation provided by NSS. As of Firefox 22, Firefox supports only TLS 1.0 despite the bundled NSS supporting TLS 1.1. Since Firefox 23, TLS 1.1 can be enabled, but was not enabled by default due to issues. Firefox 24 has TLS 1.2 support disabled by default. TLS 1.1 and TLS 1.2 have been enabled by default in the Firefox 27 release.
- [n 17] The maximum and the minimum enabled protocol version can be configured via about:config or an add-on.[39]
- [n 18] SSL 3.0 itself is disabled by default.[44] In addition, fallback to SSL 3.0 is disabled since version 34,[46] and TLS_FALLBACK_SCSV is implemented since 35.0 and ESR 31.3.[44][47]
- [n 19] All RC4 cipher suites are disabled by default.[51][52][53]
- [n 20] IE uses the TLS implementation of the Microsoft Windows operating system provided by the SChannel security support provider. TLS 1.1 and 1.2 are disabled by default until IE11.[54][55]
- [n 21] Windows NT 3.1 supports IE 1–2, Windows NT 3.5 supports IE 1–3, Windows NT 3.51 and Windows NT 4.0 support IE 1–6.
- [n 22] Windows XP as well as Server 2003 and older only support weak ciphers like 3DES and RC4.[58] The weak ciphers of these SChannel versions are not only used for IE; they are also used for other Microsoft products running on this OS, such as Office. Only Windows Server 2003 can get a manual update to support AES ciphers, by KB948963.[59]
- [n 23] MS13-095 or MS14-049 for 2003 and XP-64 or SP3 for XP (32-bit)
- [n 24] Internet Explorer Support Announcement[63]
- [n 25] RC4 can be disabled except as a fallback (cipher suites with RC4 are used as a fallback only when no cipher suites other than RC4 are available).[66]
- [n 26] Fallback to SSL 3.0 is blocked by default in Internet Explorer 11 for Protected Mode sites.[68][69] SSL 3.0 is disabled by default in Internet Explorer 11 since April 2015.[70]
- [n 27] Edge (formerly known as Project Spartan) is based on a fork of the Internet Explorer 11 rendering engine.
- [n 28] Except Windows 10 LTSB 2015 (LongTermSupportBranch)[73]
- [n 29] Could be disabled via registry editing, but 3rd-party tools are needed to do this.[74]
- [n 30] Opera 10 added support for TLS 1.2 as of Presto 2.2. Previous support was for TLS 1.0 and 1.1. TLS 1.1 and 1.2 are disabled by default (except for version 9[78], which enabled TLS 1.1 by default).
- [n 31] SSL 3.0 is disabled by default remotely since October 15, 2014.[87]
- [n 32] TLS support of Opera 14 and above is the same as that of Chrome, because Opera has migrated to the Chromium backend (Opera 14 for Android is based on Chromium 26 with WebKit,[91] and Opera 15 and above are based on Chromium 28 and above with Blink[92]).
- [n 33] TLS_FALLBACK_SCSV is implemented.[95]
- [n 34] SSL 3.0 is enabled by default, with some mitigations against known vulnerabilities such as BEAST and POODLE implemented.[87]
- [n 35] In addition to TLS_FALLBACK_SCSV, "anti-POODLE record splitting" is implemented.[87]
- [n 36] In addition to TLS_FALLBACK_SCSV and "anti-POODLE record splitting", SSL 3.0 itself is disabled by default.[26]
- [n 37] The minimum enabled protocol version can be configured via opera://flags[26] (the maximum version can be configured with a command-line option).
- [n 38] Safari uses the operating system implementation on Mac OS X, Windows (XP, Vista, 7)[96] with unknown version.[97] Safari 5 is the last version available for Windows. OS X 10.8 and later have SecureTransport support for TLS 1.1 and 1.2.[98] The Qualys SSL report simulates Safari 5.1.9 connecting with TLS 1.0, not 1.1 or 1.2.[99]
- [n 39] In September 2013, Apple implemented BEAST mitigation in OS X 10.8 (Mountain Lion), but it was not turned on by default, resulting in Safari still being theoretically vulnerable to the BEAST attack on that platform.[101][102] BEAST mitigation has been enabled by default from OS X 10.8.5 updated in February 2014.[103]
- [n 40] Because Apple removed support for all CBC protocols in SSL 3.0 to mitigate POODLE,[104][105] this leaves only RC4, which is also completely broken by the RC4 attacks in SSL 3.0.
- [n 41] Mobile Safari and third-party software utilizing the system UIWebView library use the iOS operating system implementation, which supports TLS 1.2 as of iOS 5.0.[110][111][112]
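The following Python example is an addition, not part of the original page. The client request in the Description section carries the offered cipher suites and a random value (which plays the role of the challenge text), and the notes above name SSL 3.0, RC4 suites, compression and TLS_FALLBACK_SCSV; the sketch parses a ClientHello and reports which of these the client offers. It assumes the ClientHello fits in one record and ignores extensions; the function names and both sample messages are constructed for illustration.

```python
# Code points from the IANA TLS cipher suite registry (subset used by the audit).
RC4_SUITES = {
    0x0004: "TLS_RSA_WITH_RC4_128_MD5",
    0x0005: "TLS_RSA_WITH_RC4_128_SHA",
    0xC007: "TLS_ECDHE_ECDSA_WITH_RC4_128_SHA",
    0xC011: "TLS_ECDHE_RSA_WITH_RC4_128_SHA",
}
TLS_FALLBACK_SCSV = 0x5600  # RFC 7507 signalling value, not a real cipher
SSL_3_0 = 0x0300            # wire encoding of protocol version "SSL 3.0"


class Reader:
    """Bounds-checked cursor: truncated input raises instead of misparsing."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated ClientHello")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, n):
        return int.from_bytes(self.take(n), "big")

    def vector(self, length_bytes):
        """Read a field prefixed by a length of `length_bytes` bytes."""
        return self.take(self.uint(length_bytes))


def parse_client_hello(record):
    """Parse one TLS record holding a complete ClientHello; extensions are ignored."""
    rec = Reader(record)
    content_type = rec.uint(1)
    rec.uint(2)  # record-layer version, not the version the client asks for
    if content_type != 0x16:
        raise ValueError("not a handshake record")
    handshake = Reader(rec.vector(2))
    if handshake.uint(1) != 0x01:
        raise ValueError("not a ClientHello")
    hello = Reader(handshake.vector(3))
    version = hello.uint(2)   # highest protocol version the client offers
    random = hello.take(32)   # fresh per connection in a real client
    hello.vector(1)           # session id, unused here
    raw = hello.vector(2)
    if len(raw) % 2:
        raise ValueError("odd cipher_suites length")
    suites = [int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw), 2)]
    compression = list(hello.vector(1))
    return {"version": version, "random": random,
            "suites": suites, "compression": compression}


def audit(hello):
    """Return one finding per weakness from the notes that this hello exhibits."""
    findings = []
    if hello["version"] <= SSL_3_0:
        findings.append("client offers nothing above SSL 3.0 (POODLE)")
    rc4 = [RC4_SUITES[s] for s in hello["suites"] if s in RC4_SUITES]
    if rc4:
        findings.append("RC4 suites offered: " + ", ".join(rc4))
    if any(method != 0 for method in hello["compression"]):
        findings.append("TLS-level compression offered (CRIME)")
    if TLS_FALLBACK_SCSV in hello["suites"]:
        # A server that supports a higher version should refuse this handshake.
        findings.append("TLS_FALLBACK_SCSV present: downgraded retry")
    return findings


def build_client_hello(version, suites, compression=(0,)):
    """Build a constructed ClientHello record (no extensions) as sample input."""
    random = bytes(range(32))  # constructed placeholder, not real randomness
    body = (version.to_bytes(2, "big") + random + b"\x00"
            + (2 * len(suites)).to_bytes(2, "big")
            + b"".join(s.to_bytes(2, "big") for s in suites)
            + bytes([len(compression)]) + bytes(compression))
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    record_version = min(version, 0x0301).to_bytes(2, "big")
    return b"\x16" + record_version + len(handshake).to_bytes(2, "big") + handshake


# Constructed samples: a downgraded SSL 3.0 retry and a TLS 1.2 hello.
LEGACY_HELLO = build_client_hello(0x0300, [0x0005, 0x0004, 0x000A, 0x5600], (1, 0))
MODERN_HELLO = build_client_hello(0x0303, [0xC02F, 0x009C, 0x002F])

if __name__ == "__main__":
    for name, raw in (("legacy", LEGACY_HELLO), ("modern", MODERN_HELLO)):
        print(name, audit(parse_client_hello(raw)) or "no findings")
```
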
Libraries
Implementation | SSL 2.0 (insecure) | SSL 3.0 (insecure) | TLS 1.0 | TLS 1.1 | TLS 1.2 | TLS 1.3 (Draft) |
---|---|---|---|---|---|---|
Botan | No | No[120] | Yes | Yes | Yes | |
cryptlib | No | Enabled by default | Yes | Yes | Yes | |
GnuTLS | No[a] | Disabled by default[121] | Yes | Yes | Yes | |
Java Secure Socket Extension | No[a] | Disabled by default[b] | Yes | Yes | Yes | |
LibreSSL | No[122] | No[123] | Yes | Yes | Yes | |
MatrixSSL | No[a] | Disabled by default at compile time[124] | Yes | Yes | Yes | |
mbed TLS (previously PolarSSL) | No | Enabled by default | Yes | Yes | Yes | |
Network Security Services | Disabled by default[a] | Disabled by default[125] | Yes | Yes[126] | Yes[127] | |
OpenSSL | Enabled by default | Enabled by default | Yes | Yes[128] | Yes[128] | |
RSA BSAFE[129] | No | Yes | Yes | Yes | Yes | |
SChannel XP / 2003[130] | Disabled by default by MSIE 7 | Enabled by default | Enabled by default by MSIE 7 | No | No | |
SChannel Vista / 2008[131] | Disabled by default | Enabled by default | Yes | No | No | |
SChannel 7 / 2008 R2[132] | Disabled by default | Disabled by default in MSIE 11 | Yes | Enabled by default by MSIE 11 | Enabled by default by MSIE 11 | |
SChannel 8 / 2012[132] | Disabled by default | Enabled by default | Yes | Disabled by default | Disabled by default | |
SChannel 8.1 / 2012 R2, 10[132] | Disabled by default | Disabled by default in MSIE 11 | Yes | Yes | Yes | |
Secure Transport OS X 10.2-10.8 / iOS 1-4 | Yes | Yes | Yes | No | No | |
Secure Transport OS X 10.9-10.10 / iOS 5-8 | No[c] | Yes | Yes | Yes[c] | Yes[c] | |
Secure Transport OS X 10.11 / iOS 9 | No | No[c] | Yes | Yes | Yes | |
SharkSSL | No | Enabled by default | Yes | Yes | Yes | |
wolfSSL (previously CyaSSL) | No | Disabled by default[133] | Yes | Yes | Yes | |
Other uses
Security
This protocol provides security in a way that is invisible to the user. The operations the protocol performs take place above the basic services layer of the Internet protocol suite: software that uses the Transmission Control Protocol (TCP) assigns a port or socket to each of the two ends of the connection, and this is done by mapping the software procedures at each end of the connection.
SSL 2.0
SSL 3.0
TLS
Attacks against TLS/SSL
Forward secrecy
TLS record
+ | Byte +0 | Byte +1 | Byte +2 | Byte +3 |
---|---|---|---|---|
Byte 0 | Content type | | | |
Bytes 1..4 | Version (major) | Version (minor) | Length (bits 15..8) | Length (bits 7..0) |
Bytes 5..(m-1) | Protocol message(s) | | | |
Bytes m..(p-1) | MAC (optional) | | | |
Bytes p..(q-1) | Padding (block ciphers only) | | | |
- Content type
Hex | Dec | Type |
---|---|---|
0x14 | 20 | ChangeCipherSpec |
0x15 | 21 | Alert |
0x16 | 22 | Handshake |
0x17 | 23 | Application |
0x18 | 24 | Heartbeat |
- Version
- This field identifies the major and minor version of TLS for the contained message. For a ClientHello message, this need not be the highest version supported by the client.
Major version | Minor version | Version type |
---|---|---|
3 | 0 | SSL 3.0 |
3 | 1 | TLS 1.0 |
3 | 2 | TLS 1.1 |
3 | 3 | TLS 1.2 |
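The record layout above, as an added example that is not part of the original article: a parser that splits a captured byte stream into records using the content-type and version tables listed in this section, rejecting truncated or unrecognised records. The function names and the sample bytes are constructed for illustration.

```python
import struct

# Content-type and version tables as listed in the record-format section above.
CONTENT_TYPES = {0x14: "ChangeCipherSpec", 0x15: "Alert", 0x16: "Handshake",
                 0x17: "Application", 0x18: "Heartbeat"}
VERSIONS = {(3, 0): "SSL 3.0", (3, 1): "TLS 1.0", (3, 2): "TLS 1.1", (3, 3): "TLS 1.2"}
HEADER_LEN = 5  # byte 0: content type; bytes 1..4: major, minor, 16-bit length


class RecordError(ValueError):
    """Raised when the byte stream is not a well-formed sequence of records."""


def parse_records(stream: bytes):
    """Split a captured byte stream into TLS records.

    Returns a list of dicts with the decoded header fields and the raw fragment
    (protocol message(s), plus MAC and padding when the record is protected).
    """
    records, offset = [], 0
    while offset < len(stream):
        if len(stream) - offset < HEADER_LEN:
            raise RecordError(f"truncated header at offset {offset}")
        ctype, major, minor, length = struct.unpack_from("!BBBH", stream, offset)
        if ctype not in CONTENT_TYPES:
            raise RecordError(f"unknown content type 0x{ctype:02x} at offset {offset}")
        body_start = offset + HEADER_LEN
        if body_start + length > len(stream):
            raise RecordError(f"record at offset {offset} claims {length} bytes, "
                              f"only {len(stream) - body_start} present")
        records.append({
            "type": CONTENT_TYPES[ctype],
            "version": VERSIONS.get((major, minor), f"unknown ({major},{minor})"),
            "length": length,
            "fragment": stream[body_start:body_start + length],
        })
        offset = body_start + length
    return records


def legacy_versions(records):
    """Return the records whose header advertises SSL 3.0, for auditing."""
    return [r for r in records if r["version"] == "SSL 3.0"]


# Constructed sample: three records with placeholder fragments (not real handshake data).
SAMPLE = (
    bytes([0x16, 3, 1, 0, 4]) + b"\x01\x00\x00\x00"   # Handshake, TLS 1.0, 4 bytes
    + bytes([0x15, 3, 3, 0, 2]) + b"\x02\x28"         # Alert, TLS 1.2, 2 bytes
    + bytes([0x17, 3, 0, 0, 3]) + b"abc"              # Application, SSL 3.0, 3 bytes
)

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(rec["type"], rec["version"], rec["length"])
```

The length field is checked against the bytes actually present before the fragment is sliced, so a record that overstates its length is reported rather than silently shortened.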
Support for name-based virtual servers
Standards
See also
- Application-Layer Protocol Negotiation – a TLS extension used for SPDY and TLS False Start
- Bullrun (decryption program) – a secret anti-encryption program run by the U.S. National Security Agency
- Key ring file
- Multiplexed Transport Layer Security
- Obfuscated TCP
- RdRand
- Server gated cryptography
- SSL acceleration
- tcpcrypt
- Transport Layer Security Channel ID – a proposed protocol extension that improves web browser security via self-signed browser certificates
- Wireless Transport Layer Security
References
- ^ T. Dierks, E. Rescorla (August 2008). "The Transport Layer Security (TLS) Protocol, Version 1.2".
- ^ a b As of October 4, 2015. "SSL Pulse: Survey of the SSL Implementation of the Most Popular Web Sites". Retrieved 2015-10-19.
- ^ ivanr. "RC4 in TLS is Broken: Now What?". Qualys Security Labs. Retrieved 2013-07-30.
- ^ Citation error: invalid <ref> tag; no text was provided for the reference named poodle_pdf
- ^ "What browsers support Extended Validation (EV) and display an EV indicator?". Symantec. Retrieved 2014-07-28.
- ^ a b c d e f g h i j k l m n o "SHA-256 Compatibility". Retrieved 2015-06-12.
- ^ a b c d e f g h i j k l m n o p q r s t u v w x y z "ECC Compatibility". Retrieved 2015-06-13.
- ^ a b "Tracking the FREAK Attack". Retrieved 2015-03-08.
- ^ a b "FREAK: Factoring RSA Export Keys". Retrieved 2015-03-08.
- ^ Google (2012-05-29). "Dev Channel Update". Retrieved 2011-06-01.
- ^ Google (2012-08-21). "Stable Channel Update". Retrieved 2012-08-22.
- ^ Chromium Project (2013-05-30). "Chromium TLS 1.2 Implementation".
- ^ "The Chromium Project: BoringSSL". Retrieved 2015-09-05.
- ^ "Chrome Stable Release". Chrome Releases. Google. 2011-10-25. Retrieved 2015-02-01.
- ^ "SVN revision log on Chrome 10.0.648.127 release". Retrieved 2014-06-19.
- ^ a b "ImperialViolet - CRIME". 2012-09-22. Retrieved 2014-10-18.
- ^ a b "SSL/TLS Overview". 2008-08-06. Retrieved 2013-03-29.
- ^ a b "Chromium Issue 90392". 2008-08-06. Retrieved 2013-06-28.
- ^ a b "Issue 23503030 Merge 219882". 2013-09-03. Retrieved 2013-09-19.
- ^ a b "Issue 278370: Unable to submit client certificates over TLS 1.2 from Windows". 2013-08-23. Retrieved 2013-10-03.
- ^ Möller, Bodo (October 14, 2014). "This POODLE bites: exploiting the SSL 3.0 fallback". Google Online Security blog. Google (via Blogspot). Retrieved 2014-10-28.
- ^ a b c "An update on SSLv3 in Chrome". Security-dev. Google. 2014-10-31. Retrieved 2014-11-04.
- ^ "Stable Channel Update". Mozilla Developer Network. Google. 2014-02-20. Retrieved 2014-11-14.
- ^ "Changelog for Chrome 33.0.1750.117". Google. Google. Retrieved 2014-11-14.
- ^ "Issue 318442: Update to NSS 3.15.3 and NSPR 4.10.2". Retrieved 2014-11-14.
- ^ a b c d e "Issue 693963003: Add minimum TLS version control to about:flags and Finch gate it. - Code Review". Retrieved 2015-01-22.
- ^ a b c "Issue 375342: Drop RC4 Support". Retrieved 2015-05-22.
- ^ a b "Issue 436391: Add info on end of life of SSLVersionFallbackMin & SSLVersionMin policy in documentation". Retrieved 2015-04-19.
- ^ "Issue 490240: Increase minimum DH size to 1024 bits (tracking bug)". Retrieved 2015-05-29.
- ^ "SSLSocket | Android Developers". Retrieved 2015-03-11.
- ^ a b c d "What browsers work with Universal SSL". Retrieved 2015-06-15.
- ^ a b "Android 5.0 Behavior Changes | Android Developers". Retrieved 2015-03-11.
- ^ a b c d "Security in Firefox 2". 2008-08-06. Retrieved 2009-03-31.
- ^ "Attack against TLS-protected communications". Mozilla Security Blog. Mozilla. 2011-09-27. Retrieved 2015-02-01.
- ^ a b "Introduction to SSL". MDN. Retrieved 2014-06-19.
- ^ a b "NSS 3.15.3 Release Notes". Mozilla Developer Network. Mozilla. Retrieved 2014-07-13.
- ^ a b "MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities". Mozilla. Mozilla. Retrieved 2014-07-13.
- ^ "Bug 565047 – (RFC4346) Implement TLS 1.1 (RFC 4346)". Retrieved 2013-10-29.
- ^ SSL Version Control :: Add-ons for Firefox
- ^ "Bug 480514 – Implement support for TLS 1.2 (RFC 5246)". Retrieved 2013-10-29.
- ^ "Bug 733647 – Implement TLS 1.1 (RFC 4346) in Gecko (Firefox, Thunderbird), on by default". Retrieved 2013-12-04.
- ^ a b "Firefox Notes – Desktop". 2014-02-04. Retrieved 2014-02-04.
- ^ "Bug 861266 – Implement TLS 1.2 (RFC 5246) in Gecko (Firefox, Thunderbird), on by default". Retrieved 2013-11-18.
- ^ a b c "The POODLE Attack and the End of SSL 3.0". Mozilla blog. Mozilla. 2014-10-14. Retrieved 2014-10-28.
- ^ "Firefox — Notes (34.0) — Mozilla". mozilla.org. 2014-12-01. Retrieved 2015-04-03.
- ^ "Bug 1083058 - A pref to control TLS version fallback". bugzilla.mozilla.org. Retrieved 2014-11-06.
- ^ "Bug 1036737 - Add support for draft-ietf-tls-downgrade-scsv to Gecko/Firefox". bugzilla.mozilla.org. Retrieved 2014-10-29.
- ^ a b c "Bug 1166031 - Update to NSS 3.19.1". bugzilla.mozilla.org. Retrieved 2015-05-29.
- ^ "Bug 1088915 - Stop offering RC4 in the first handshakes". bugzilla.mozilla.org. Retrieved 2014-11-04.
- ^ "Firefox — Notes (39.0) — Mozilla". mozilla.org. 2015-06-30. Retrieved 2015-07-03.
- ^ "Google, Microsoft, and Mozilla will drop RC4 encryption in Chrome, Edge, IE, and Firefox next year". VentureBeat. 2015-09-01. Retrieved 2015-09-05.
- ^ "Intent to ship: RC4 disabled by default in Firefox 44". Retrieved 2015-10-18.
- ^ "RC4 is now allowed only on whitelisted sites (Reverted)". Retrieved 2015-11-02.
- ^ Microsoft (2012-09-05). "Secure Channel". Retrieved 2012-10-18.
- ^ Microsoft (2009-02-27). "MS-TLSP Appendix A". Retrieved 2009-03-19.
- ^ a b c "What browsers only support SSLv2?". Retrieved 2014-06-19.
- ^ a b c d "SHA2 and Windows - Windows PKI blog - Site Home - TechNet Blogs". 2010-09-30. Retrieved 2014-07-29.
- ^ http://msdn.microsoft.com/en-us/library/windows/desktop/aa380512(v=vs.85).aspx
- ^ http://support.microsoft.com/kb/948963
- ^ a b c d e f g "Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)". 2015-03-10. Retrieved 2015-03-11.
- ^ a b c d e f g "Vulnerability in Schannel Could Allow Information Disclosure (3061518)". 2015-05-12. Retrieved 2015-05-22.
- ^ a b c d e "HTTPS Security Improvements in Internet Explorer 7". Retrieved 2013-10-29.
- ^ [http://support.microsoft.com/gp/msl-ie-dotnet-an
- ^ a b c d "Windows 7 adds support for TLSv1.1 and TLSv1.2 - IEInternals - Site Home - MSDN Blogs". Retrieved 2013-10-29.
- ^ a b c Thomlinson, Matt (2014-11-11). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 2014-11-14.
- ^ Microsoft security advisory: Update for disabling RC4
- ^ a b c d Microsoft (2013-09-24). "IE11 Changes". Retrieved 2013-11-01.
- ^ "February 2015 security updates for Internet Explorer". 2015-02-11. Retrieved 2015-02-11.
- ^ "Update turns on the setting to disable SSL 3.0 fallback for protected mode sites by default in Internet Explorer 11". Retrieved 2015-02-11.
- ^ "Vulnerability in SSL 3.0 Could Allow Information Disclosure". 2015-04-14. Retrieved 2015-04-14.
- ^ a b "Release Notes: Important Issues in Windows 8.1 Preview". Microsoft. 2013-06-24. Retrieved 2014-11-04.
- ^ a b "W8.1(IE11) vs RC4 | Qualys Community". Retrieved 2014-11-04.
- ^ [http://www.zdnet.com/article/some-windows-10-enterprise-users-wont-get-microsofts-edge-browser
- ^ http://forum.xda-developers.com/windows-phone-8/development/poodle-ssl-vulnerability-secure-windows-t2906203
- ^ a b "What TLS version is used in Windows Phone 8 for secure HTTP connections?". Microsoft. Retrieved 2014-11-07.
- ^ https://www.ssllabs.com/ssltest/viewClient.html?name=IE%20Mobile&version=10&platform=Win%20Phone%208.0
- ^ a b "Platform Security". Microsoft. 2014-06-25. Retrieved 2014-11-07.
- ^ "Changelog for Opera 9.0 for Windows" at Opera.com
- ^ "Opera 2 series". Retrieved 2014-09-20.
- ^ "Opera 3 series". Retrieved 2014-09-20.
- ^ "Opera 4 series". Retrieved 2014-09-20.
- ^ a b "Changelog for Opera 5.x for Windows". Retrieved 2014-06-19.
- ^ "Changelog for Opera [8] Beta 2 for Windows". Retrieved 2014-06-19.
- ^ "Web Specifications Supported in Opera 9". Retrieved 2014-06-19.
- ^ a b "Opera: Opera 10 beta for Windows changelog". Retrieved 2014-06-19.
- ^ "About Opera 11.60 and new problems with some secure servers". 2011-12-11. Archived from the original on 2012-01-18.
- ^ a b c "Security changes in Opera 25; the poodle attacks". 2014-10-15. Retrieved 2014-10-28.
- ^ a b c "Unjam the logjam". 2015-06-09. Retrieved 2015-06-11.
- ^ "Advisory: RC4 encryption protocol is vulnerable to certain brute force attacks". 2013-04-04. Retrieved 2014-11-14.
- ^ "On the Precariousness of RC4". 2013-03-20. Archived from the original on 2013-11-12. Retrieved 2014-11-17.
- ^ "Dev.Opera — Opera 14 for Android Is Out!". 2013-05-21. Retrieved 2014-09-23.
- ^ "Dev.Opera — Introducing Opera 15 for Computers, and a Fast Release Cycle". 2013-07-02. Retrieved 2014-09-23.
- ^ a b same as Chrome 26–29
- ^ a b same as Chrome 30 and later
- ^ a b same as Chrome 33 and later
- ^ Adrian, Dimcev. "Common browsers/libraries/servers and the associated cipher suites implemented". TLS Cipher Suites Project.
- ^ Apple (2009-06-10). "Features". Retrieved 2009-06-10.
- ^ Curl: Patch to add TLS 1.1 and 1.2 support & replace deprecated functions in SecureTransport
- ^ Qualys SSL Report: google.co.uk (simulation Safari 5.1.9 TLS 1.0)
- ^ "Apple Secures Mac OS X with Mavericks Release - eSecurity Planet". 2013-10-25. Retrieved 2014-06-23.
- ^ Ristic, Ivan. "Is BEAST Still a Threat?". qualys.com.
- ^ a b Ivan Ristić (2013-10-31). "Apple enabled BEAST mitigations in OS X 10.9 Mavericks". Retrieved 2013-11-07.
- ^ Ivan Ristić (2014-02-26). "Apple finally releases patch for BEAST". Retrieved 2014-07-01.
- ^ http://support.apple.com/kb/HT6531
- ^ http://support.apple.com/kb/HT6541
- ^ a b c "About Security Update 2015-002". Retrieved 2015-03-09.
- ^ a b "About the security content of OS X Mavericks v10.9". Retrieved 2014-06-20.
- ^ "User Agent Capabilities: Safari 8 / OS X 10.10". Qualys SSL Labs. Retrieved 2015-03-07.
- ^ "About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005". Retrieved 2015-07-03.
- ^ a b c Apple (2011-10-14). "Technical Note TN2287 – iOS 5 and TLS 1.2 Interoperability Issues". Retrieved 2012-12-10.
- ^ Liebowitz, Matt (2011-10-13). "Apple issues huge software security patches". NBCNews.com. Retrieved 2012-12-10.
- ^ MWR Info Security (2012-04-16). "Adventures with iOS UIWebviews". Retrieved 2012-12-10., section "HTTPS (SSL/TLS)"
- ^ "Secure Transport Reference". Retrieved 2014-06-23. kSSLProtocol2 is deprecated in iOS
- ^ "iPhone 3.0: Mobile Safari Gets Enhanced Security Certificate Visualization | The iPhone Blog". 2009-03-31. Archived from the original on 2009-04-03.
- ^ https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=7&platform=iOS%207.1
- ^ schurtertom (October 11, 2013). "SOAP Request fails randomly on one Server but works on an other on iOS7". Retrieved January 5, 2014.
- ^ "User Agent Capabilities: Safari 8 / iOS 8.1.2". Qualys SSL Labs. Retrieved 2015-03-07.
- ^ "About the security content of iOS 8.2". Retrieved 2015-03-09.
- ^ "About the security content of iOS 8.4". Retrieved 2015-07-03.
- ^ "Version 1.11.13, 2015-01-11 — Botan". 2015-01-11. Retrieved 2015-01-16.
- ^ "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16.
- ^ "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20.
- ^ "LibreSSL 2.3.0 Released". 2015-09-23. Retrieved 2015-09-24.
- ^ "MatrixSSL - News". Retrieved 2014-11-09.
- ^ "NSS 3.19 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-05-06.
- ^ "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Retrieved 2012-10-27.
- ^ "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10.
- ^ a b "Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]". 2012-03-14. Retrieved 2015-01-20.[dead link]
- ^ "RSA BSAFE Technical Specification Comparison Tables" (PDF).
- ^ TLS cipher suites in Microsoft Windows XP and 2003
- ^ SChannel Cipher Suites in Microsoft Windows Vista
- ^ a b c TLS Cipher Suites in SChannel for Windows 7, 2008R2, 8, 2012
- ^ "[wolfssl] wolfSSL 3.6.6 Released". 2015-08-20. Retrieved 2015-08-25.
Further reading
- Wagner, David (November 1996). "Analysis of the SSL 3.0 Protocol". The Second USENIX Workshop on Electronic Commerce Proceedings: 29–40, USENIX Press.
- Eric Rescorla (2001). SSL and TLS: Designing and Building Secure Systems. United States: Addison-Wesley Pub Co. ISBN 0-201-61598-3.
- Stephen A. Thomas (2000). SSL and TLS essentials securing the Web. New York: Wiley. ISBN 0-471-38354-6.
- Bard, Gregory (2006). "A Challenging But Feasible Blockwise-Adaptive Chosen-Plaintext Attack On Ssl". International Association for Cryptologic Research (136). Retrieved 2011-09-23.
- Canvel, Brice. "Password Interception in a SSL/TLS Channel". Retrieved 2007-04-20.
- IETF Multiple Authors. "RFC of change for TLS Renegotiation". Retrieved 2009-12-11.
- Creating VPNs with IPsec and SSL/TLS Linux Journal article by Rami Rosen
- Polk, Tim; McKay, Kerry; Chokhani, Santosh (April 2014). "Guidelines for the Selection, Configuration, and Use of Transport Layer Security (TLS) Implementations" (PDF). National Institute of Standards and Technology. Retrieved 2014-05-07.
External links
Specifications (see Standards section for older SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 links)
- RFC 5246 - The Transport Layer Security (TLS) Protocol Version 1.2
- IETF (Internet Engineering Task Force) TLS Workgroup
- Other
- OWASP: Transport Layer Protection Cheat Sheet
- A talk on SSL/TLS that tries to explain things in terms that people might understand.
- SSL: Foundation for Web Security
- TLS Renegotiation Vulnerability – IETF Tools
- Trustworthy Internet Movement – SSL Pulse – Survey of TLS/SSL implementation of the most popular web sites
- How to Generate CSR for SSL
- How TLS Handshake works in browser
This article was originally based on material from the Free On-line Dictionary of Computing, which is licensed under the GFDL.