أمن طبقة النقل

أمن طبقة النقل Transport Layer Security (TLS) ، وسابقته طبقة المنافذ الآمنة Secure Sockets Layer (SSL)، هي پروتوكولات تعمية مصممة للحصول على أمن الاتصالات في شبكات الحاسوب.[1] هناك إصدارات مختلفة للپروتوكولات تستخدم على نطاق واسع في تطبيقات مثل تصفح الإنترنت، البريد الإلكتروني، فاكس الإنترنت، التراسل الفوري، والصوت عبر الإنترنت. مواقع الوب الرئيسية (تشمل گوگل، يوتيوب، فيسبوك وغيرها) تستخدم أمن طبقة النقل لتأمين جميع الاتصالات بين خوادمها ومتصفحات الوب.


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

الوصف

إن معظم إجراءات البروتوكول تُنفّذ حال البدء بتبادل المعلومات وطلب إعداد قناة اتصال آمنة، حيث يبدأ البروتوكول العمل عندما يقوم حاسب المستخدم بطلب الوثوقية من المخدم. يحدد الطلب الذي يقوم به المستخدم وهو خوارزمية التشفير التي يمكن استخدامها بالإضافة إلى نص التحدي. (نص التحدي باختصار هو مادة عشوائية يتم ارجاعها ضمن محتوى مشفر لمنع إعادة إرسال تلك النصوص المشفرة والتي كانت تستخدم في السابق، مما يعني أن نص التحدي مختلفاً عن النصوص المشفرة).

أما التوثيق الذي يقوم المخدم بإعادته فيكون على شكل شهادة تحوي توقيع مفتاح المخدم المعلن، وعلى أفضليات المخدم لخوارزمية التشفير التي ستستخدم. يقوم حاسب المستخدم بعد ذلك بإنشاء مفتاح أصلي، وتشفير مفتاح المخدم، ومن ثم يقوم بإرسال النتيجة إلى المخدم. حينذاك، يقوم المخدم بإعادة الرسالة المشفرة مع المفتاح الأصلي، حيث يستخدم هذا المفتاح لإنشاء المفاتيح اللازمة لإرسال الرسائل.


التاريخ والتطوير

التعريف
الپروتوكول السنة
SSL 1.0 n/a
SSL 2.0 1995
SSL 3.0 1996
TLS 1.0 1999
TLS 1.1 2006
TLS 1.2 2008
TLS 1.3 TBD

برمجة الشبكة الآمنة

SSL 1.0, 2.0 و3.0

TLS 1.0

TLS 1.1

TLS 1.2

TLS 1.3 (مسودة)

الشهادات الرقمية

اللوغرتيمات


التطبيقات والاستخدامات

يستطيع بروتوكول SSL تشفير كافة الاتصالات بين المنافذ فوراً وبدون تدخل من المستخدم، الأمر الذي يوفر الدعم الأمني لكافة تطبيقات الانترنيت، وخاصة البريد الإلكتروني، وبروتوكول تل نت، وبروتوكول نقل الملفات، بالإضافة إلى مختلف التبادلات التي تتم على الويب، حيث يمكن حمايتها كافة عن طريق SSL.

مواقع الوب

دعم پروتوكول الوب
إصدار
الپروتوكول
دعم
موقع الوب[2]
الأمن[2][3]
SSL 2.0 10.4% (−0.4%) Insecure
SSL 3.0 32.6% (−1.2%) Insecure[4]
TLS 1.0 99.0% (−0.2%) Depends on cipher[n 1] and client mitigations[n 2]
TLS 1.1 65.7% (+1.4%) Depends on cipher[n 1] and client mitigations[n 2]
TLS 1.2 67.9% (+1.4%) Depends on cipher[n 1] and client mitigations[n 2]
TLS 1.3
(Draft)
N/A
Notes
  1. ^ أ ب ت see #Cipher table below
  2. ^ أ ب ت see #Web browsers and #Attacks against TLS/SSL sections

متصفحات الوب


TLS/SSL support history of web browsers
Browser Version Platforms SSL protocols TLS protocols Certificate Support Vulnerabilities fixed[n 1] Protocol selection by user
[n 2]
SSL 2.0 (insecure) SSL 3.0 (insecure) TLS 1.0 TLS 1.1 TLS 1.2 EV
[n 3][5]
SHA-2
[6]
ECDSA
[7]
BEAST[n 4] CRIME[n 5] POODLE (SSLv3)[n 6] RC4[n 7] FREAK[8][9] Logjam
Google Chrome
(Chrome for Android)
[n 8]
[n 9]
1–9 Windows (XP SP2+)
OS X (10.7+)
Linux
Android (4.0+)
iOS (7.0+)
Chrome OS
Disabled by default Enabled by default نعم لا لا نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected
[14]
Vulnerable
(HTTPS)
Vulnerable Vulnerable Vulnerable
(except Windows)
Vulnerable Yes[n 10]
10–20 No[15] Enabled by default نعم لا لا نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Vulnerable
(HTTPS/SPDY)
Vulnerable Vulnerable Vulnerable
(except Windows)
Vulnerable Yes[n 10]
21 No Enabled by default نعم لا لا نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Mitigated
[16]
Vulnerable Vulnerable Vulnerable
(except Windows)
Vulnerable Yes[n 10]
22–25 No Enabled by default نعم نعم[17] لا[17][18][19][20] نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Mitigated Vulnerable Vulnerable Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
26–29 No Enabled by default نعم نعم لا نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Mitigated Vulnerable Vulnerable Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
30–32 No Enabled by default نعم نعم نعم[18][19][20] نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Mitigated Vulnerable Vulnerable Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
33–37 No Enabled by default نعم نعم نعم نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Mitigated Partly mitigated
[n 12]
Lowest priority
[23][24][25]
Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
38, 39 No Enabled by default نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Partly mitigated Lowest priority Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
40 No Disabled by default
[22][26]
نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Mitigated
[n 13]
Lowest priority Vulnerable
(except Windows)
Vulnerable Yes[n 14]
41, 42 No Disabled by default نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Mitigated Lowest priority Mitigated Vulnerable Yes[n 14]
43 No Disabled by default نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Mitigated Only as fallback
[n 15][27]
Mitigated Vulnerable Yes[n 14]
44–46 47 No No[28] نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Not affected Only as fallback
[n 15]
Mitigated Mitigated[29] Temporary
[n 11]
Google Android OS Browser
[30]
Android 1.0, 1.1, 1.5, 1.6, 2.0–2.1, 2.2–2.2.3 No Enabled by default نعم لا لا غير معروف لا لا غير معروف غير معروف Vulnerable Vulnerable Vulnerable Vulnerable لا
Android 2.3–2.3.7, 3.0–3.2.6, 4.0–4.0.4, 4.1–4.3.1 No Enabled by default نعم لا لا غير معروف نعم[6] since Android OS 3.0[31] غير معروف غير معروف Vulnerable Vulnerable Vulnerable Vulnerable لا
Android 4.4–4.4.4 No Enabled by default نعم Disabled by default Disabled by default غير معروف نعم نعم[7] غير معروف غير معروف Vulnerable Vulnerable Vulnerable Vulnerable لا
Android 5.0-5.0.2 No Enabled by default نعم نعم[32] نعم[32] غير معروف نعم نعم غير معروف غير معروف Vulnerable Vulnerable Vulnerable Vulnerable لا
Android 5.1-5.1.1 No No نعم نعم نعم غير معروف نعم نعم غير معروف غير معروف Not affected Only as fallback
[n 15]
Mitigated Mitigated لا
Android 6.0 No No نعم نعم نعم غير معروف نعم نعم غير معروف غير معروف Not affected غير معروف Mitigated Mitigated غير معروف
Browser Version Platforms SSL 2.0 (insecure) SSL 3.0 (insecure) TLS 1.0 TLS 1.1 TLS 1.2 EV certificate SHA-2 certificate ECDSA certificate BEAST CRIME POODLE (SSLv3) RC4 FREAK Logjam Protocol selection by user
Mozilla Firefox
(Firefox for mobile)
[n 16]
1.0 Windows (XP SP2+)
OS X (10.6+)
Linux
Android (2.3+)
iOS (8.2+)
Firefox OS
Maemo

ESR only for:
Windows (XP SP2+)
OS X (10.6+)
Linux
Enabled by default
[33]
Enabled by default
[33]
نعم[33] لا لا لا نعم[6] لا Not affected
[34]
Not affected Vulnerable Vulnerable Not affected Vulnerable Yes[n 10]
1.5 Enabled by default Enabled by default نعم لا لا لا نعم لا Not affected Not affected Vulnerable Vulnerable Not affected Vulnerable Yes[n 10]
2 Disabled by default
[33][35]
Enabled by default نعم لا لا لا نعم نعم[7] Not affected Not affected Vulnerable Vulnerable Not affected Vulnerable Yes[n 10]
3–7 Disabled by default Enabled by default نعم لا لا نعم نعم نعم Not affected Not affected Vulnerable Vulnerable Not affected Vulnerable Yes[n 10]
8–10
ESR 10
No[35] Enabled by default نعم لا لا نعم نعم نعم Not affected Not affected Vulnerable Vulnerable Not affected Vulnerable Yes[n 10]
11–14 No Enabled by default نعم لا لا نعم نعم نعم Not affected Vulnerable
(SPDY)[16]
Vulnerable Vulnerable Not affected Vulnerable Yes[n 10]
15–22
ESR 17.0–17.0.10
No Enabled by default نعم لا لا نعم نعم نعم Not affected Mitigated Vulnerable Vulnerable Not affected Vulnerable Yes[n 10]
ESR 17.0.11 No Enabled by default نعم لا لا نعم نعم نعم Not affected Mitigated Vulnerable Lowest priority
[36][37]
Not affected Vulnerable Yes[n 10]
23 No Enabled by default نعم Disabled by default
[38]
لا نعم نعم نعم Not affected Mitigated Vulnerable Vulnerable Not affected Vulnerable Yes[n 17]
24, 25.0.0
ESR 24.0–24.1.0
No Enabled by default نعم Disabled by default Disabled by default
[40]
نعم نعم نعم Not affected Mitigated Vulnerable Vulnerable Not affected Vulnerable Yes[n 17]
25.0.1, 26
ESR 24.1.1
No Enabled by default نعم Disabled by default Disabled by default نعم نعم نعم Not affected Mitigated Vulnerable Lowest priority
[36][37]
Not affected Vulnerable Yes[n 17]
27–33
ESR 31.0–31.2
No Enabled by default نعم نعم[41][42] نعم[43][42] نعم نعم نعم Not affected Mitigated Vulnerable Lowest priority Not affected Vulnerable Yes[n 17]
34, 35
ESR 31.3–31.7
No Disabled by default
[44][45]
نعم نعم نعم نعم نعم نعم Not affected Mitigated Mitigated
[n 18]
Lowest priority Not affected Vulnerable Yes[n 17]
ESR 31.8 No Disabled by default نعم نعم نعم نعم نعم نعم Not affected Mitigated Mitigated Lowest priority Not affected Mitigated[48] Yes[n 17]
36–38
ESR 38.0
No Disabled by default نعم نعم نعم نعم نعم نعم Not affected Mitigated Mitigated Only as fallback
[n 15][49]
Not affected Vulnerable Yes[n 17]
ESR 38.1
ESR 38.3
ESR 38.4 No Disabled by default نعم نعم نعم نعم نعم نعم Not affected Mitigated Mitigated Only as fallback
[n 15]
Not affected Mitigated[48] Yes[n 17]
ESR 38.5
ESR 38.8
39–41 42 No No[50] نعم نعم نعم نعم نعم نعم Not affected Mitigated Not affected Only as fallback
[n 15]
Not affected Mitigated[48] Yes[n 17]
43
44 ESR 45 No No نعم نعم نعم نعم نعم نعم Not affected Mitigated Not affected Not affected[n 19] Not affected Mitigated Yes[n 17]
Browser Version Platforms SSL 2.0 (insecure) SSL 3.0 (insecure) TLS 1.0 TLS 1.1 TLS 1.2 EV certificate SHA-2 certificate ECDSA certificate BEAST CRIME POODLE (SSLv3) RC4 FREAK Logjam Protocol selection by user
Microsoft Internet Explorer
[n 20]
1.x Windows 3.1, 95, NT[n 21],[n 22]
Mac OS 7, 8
No SSL/TLS support
2 Yes No لا لا لا لا لا لا No SSL 3.0 or TLS support Vulnerable Vulnerable Vulnerable {{N/A}}
3 Yes Yes[56] لا لا لا لا لا لا Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable غير معروف
4, 5 Windows 3.1, 95, 98, NT[n 21],[n 22]
Mac OS 7.1, 8, X,
Solaris,HP-UX
Enabled by default Enabled by default Disabled by default
[56]
لا لا لا لا لا Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable Yes[n 10]
6 Windows 98, ME, NT[n 21], 2000[n 22] Enabled by default Enabled by default Disabled by default
[56]
لا لا لا لا لا Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable Yes[n 10]
6 Windows XP[n 22] Enabled by default Enabled by default Disabled by default لا لا لا نعم
[n 23] [57]
لا Mitigated Not affected Vulnerable Vulnerable Vulnerable Vulnerable Yes[n 10]
6 Server 2003[n 22] Enabled by default Enabled by default Disabled by default لا لا لا نعم
[n 23] [57]
لا Mitigated Not affected Vulnerable Vulnerable Mitigated
[60]
Mitigated
[61]
Yes[n 10]
7, 8 Windows XP[n 22] Disabled by default
[62]
Enabled by default نعم[62] لا لا نعم نعم
[n 23] [57]
لا Mitigated Not affected Vulnerable Vulnerable Vulnerable Vulnerable Yes[n 10]
7, 8 Server 2003[n 22] Disabled by default
[62]
Enabled by default نعم[62] لا لا نعم نعم
[n 23] [57]
لا Mitigated Not affected Vulnerable Vulnerable Mitigated
[60]
Mitigated
[61]
Yes[n 10]
7, 8[n 24] 9 Windows Vista Disabled by default Enabled by default نعم لا لا نعم نعم نعم[7] Mitigated Not affected Vulnerable Vulnerable Mitigated
[60]
Mitigated
[61]
Yes[n 10]
Server 2008
8, 9, 10[n 24] Windows 7 Disabled by default Enabled by default نعم Disabled by default
[64]
Disabled by default
[64]
نعم نعم نعم Mitigated Not affected Vulnerable Lowest priority
[65][n 25]
Mitigated
[60]
Mitigated
[61]
Yes[n 10]
Server 2008 R2
10[n 24] Windows 8 Disabled by default Enabled by default نعم Disabled by default
[64]
Disabled by default
[64]
نعم نعم نعم Mitigated Not affected Vulnerable Lowest priority
[65][n 25]
Mitigated
[60]
Mitigated
[61]
Yes[n 10]
10 Server 2012
11 Windows 7 Disabled by default Disabled by default
[n 26]
نعم نعم[67] نعم[67] نعم نعم نعم Mitigated Not affected Mitigated
[n 26]
Lowest priority
[65][n 25]
Mitigated
[60]
Mitigated
[61]
Yes[n 10]
Server 2008 R2
11 Windows 8.1 Disabled by default Disabled by default
[n 26]
نعم نعم[67] نعم[67] نعم نعم نعم Mitigated Not affected Mitigated
[n 26]
Only as fallback
[n 15][71][72]
Mitigated
[60]
Mitigated
[61]
Yes[n 10]
Server 2012 R2
Microsoft Edge[n 27]
and (as fallback)
Internet Explorer[n 20]
IE 11 Edge[n 28] Windows 10 Disabled by default Disabled by default نعم نعم نعم نعم نعم نعم Mitigated Not affected Mitigated Only as fallback
[n 15]
Mitigated Mitigated Yes[n 10]
Server 2016
Microsoft Internet Explorer Mobile
[n 20]
7, 9 Windows Phone 7, 7.5, 7.8 Disabled by default
[62]
Enabled by default نعم لا
[بحاجة لمصدر]
لا
[بحاجة لمصدر]
لا
[بحاجة لمصدر]
نعم نعم[31] غير معروف Not affected Vulnerable Vulnerable Vulnerable Vulnerable Only with 3rd party tools[n 29]
10 Windows Phone 8 Disabled by default Enabled by default نعم Disabled by default
[75]
Disabled by default
[75]
لا
[بحاجة لمصدر]
نعم نعم[76] Mitigated Not affected Vulnerable Vulnerable Vulnerable Vulnerable Only with 3rd party tools[n 29]
11 Windows Phone 8.1 Disabled by default Enabled by default نعم نعم[77] نعم[77] لا
[بحاجة لمصدر]
نعم نعم Mitigated Not affected Vulnerable Only as fallback
[n 15][71][72]
Vulnerable Vulnerable Only with 3rd party tools[n 29]
Microsoft Edge
[n 27]
Edge Windows 10 Mobile Disabled by default Disabled by default نعم نعم نعم نعم نعم نعم Mitigated Not affected Mitigated Only as fallback
[n 15]
Mitigated غير معروف غير معروف
Browser Version Platforms SSL 2.0 (insecure) SSL 3.0 (insecure) TLS 1.0 TLS 1.1 TLS 1.2 EV certificate SHA-2 certificate ECDSA certificate BEAST CRIME POODLE (SSLv3) RC4 FREAK Logjam Protocol selection by user
Opera Browser
(Opera Mobile)
(Pre-Presto and Presto)
[n 30]
1-2 Windows
OS X
Linux
Android
Symbian S60
Maemo
Windows Mobile
No SSL/TLS support[79]
3 Yes[80] No لا لا لا لا لا لا No SSL 3.0 or TLS support Vulnerable غير معروف غير معروف {{N/A}}
4 Yes Yes[81] لا لا لا لا لا لا Vulnerable Not affected Vulnerable Vulnerable غير معروف غير معروف غير معروف
5 Enabled by default Enabled by default نعم[82] لا لا لا لا لا Vulnerable Not affected Vulnerable Vulnerable غير معروف غير معروف Yes[n 10]
6-7 Enabled by default Enabled by default نعم[82] لا لا لا نعم[6] لا Vulnerable Not affected Vulnerable Vulnerable غير معروف غير معروف Yes[n 10]
8 Enabled by default Enabled by default نعم Disabled by default
[83]
لا لا نعم لا Vulnerable Not affected Vulnerable Vulnerable غير معروف غير معروف Yes[n 10]
9 Disabled by default
[84]
Enabled by default نعم نعم لا since v9.5
(only desktop)
نعم لا Vulnerable Not affected Vulnerable Vulnerable غير معروف غير معروف Yes[n 10]
10–11.52 No[85] Enabled by default نعم Disabled by default Disabled by default
[85]
نعم
(only desktop)
نعم لا Vulnerable Not affected Vulnerable Vulnerable غير معروف غير معروف Yes[n 10]
11.60–11.64 No Enabled by default نعم Disabled by default Disabled by default نعم
(only desktop)
نعم لا Mitigated
[86]
Not affected Vulnerable Vulnerable غير معروف غير معروف Yes[n 10]
12–12.14 No Disabled by default
[n 31]
نعم Disabled by default Disabled by default نعم
(only desktop)
نعم لا Mitigated Not affected Mitigated
[n 31]
Vulnerable غير معروف Mitigated[88] Yes[n 10]
12.15–12.17 No Disabled by default نعم Disabled by default Disabled by default نعم
(only desktop)
نعم لا Mitigated Not affected Mitigated Partly mitigated
[89][90]
غير معروف Mitigated[88] Yes[n 10]
Opera Browser
(Opera Mobile)
(Webkit and Blink)
[n 32]
14–16 Windows (XP+)
OS X (10.7+)
Linux
Android (4.0+)
No Enabled by default نعم نعم[93] لا[93] نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Mitigated Vulnerable Vulnerable Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
17–19 No Enabled by default نعم نعم[94] نعم[94] نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Mitigated Vulnerable Vulnerable Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
20–24 No Enabled by default نعم نعم نعم نعم
(only desktop)
needs SHA-2 compatible OS[6] needs ECC compatible OS[7] Not affected Mitigated Partly mitigated
[n 33]
Lowest priority
[95]
Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
25, 26 No Enabled by default
[n 34]
نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Mitigated
[n 35]
Lowest priority Vulnerable
(except Windows)
Vulnerable Temporary
[n 11]
27 No Disabled by default
[26]
نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Mitigated
[n 36]
Lowest priority Vulnerable
(except Windows)
Vulnerable Yes[n 37]
(only desktop)
28, 29 No Disabled by default نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Mitigated Lowest priority Mitigated Vulnerable Yes[n 37]
(only desktop)
30 No Disabled by default نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Mitigated Only as fallback
[n 15][27]
Mitigated Mitigated[88] Yes[n 37]
(only desktop)
31, 32 33 No No[28] نعم نعم نعم نعم
(only desktop)
نعم needs ECC compatible OS[7] Not affected Mitigated Not affected Only as fallback
[n 15][27]
Mitigated Mitigated Temporary
[n 11]
Browser Version Platforms SSL 2.0 (insecure) SSL 3.0 (insecure) TLS 1.0 TLS 1.1 TLS 1.2 EV certificate SHA-2 certificate ECDSA certificate BEAST CRIME POODLE (SSLv3) RC4 FREAK Logjam Protocol selection by user
Apple Safari
[n 38]
1 Mac OS X 10.2, 10.3 No[100] Yes نعم لا لا لا لا لا Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable لا
2–5 Mac OS X 10.4, 10.5, Win XP No Yes نعم لا لا since v3.2 لا لا Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable لا
3–5 Vista,Win 7 No Yes نعم لا لا since v3.2 لا نعم[31] Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable لا
4–6 Mac OS X 10.6, 10.7 No Yes نعم لا لا نعم نعم[6] نعم[7] Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable لا
6 OS X 10.8 No Yes نعم لا لا نعم نعم نعم[7] Mitigated
[n 39]
Not affected Mitigated
[n 40]
Vulnerable
[n 40]
Mitigated
[106]
Vulnerable لا
7 9 OS X 10.9 No Yes نعم نعم[107] نعم[107] نعم نعم نعم Mitigated
[102]
Not affected Mitigated
[n 40]
Vulnerable
[n 40]
Mitigated
[106]
Vulnerable لا
8 9 OS X 10.10 No Yes نعم نعم نعم نعم نعم نعم Mitigated Not affected Mitigated
[n 40]
Lowest priority
[108][n 40]
Mitigated
[106]
Mitigated
[109]
لا
9 OS X 10.11 No No نعم نعم نعم نعم نعم نعم Mitigated Not affected Not affected Lowest priority Mitigated Mitigated لا
Apple Safari
(mobile)
[n 41]
3 iPhone OS 1, 2 No[113] Yes نعم لا لا لا لا غير معروف Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable لا
4, 5 iPhone OS 3, iOS 4 No Yes نعم لا لا نعم[114] نعم since iOS 4[31] Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable لا
5, 6 iOS 5, 6 No Yes نعم نعم[110] نعم[110] نعم نعم نعم Vulnerable Not affected Vulnerable Vulnerable Vulnerable Vulnerable لا
7 iOS 7 No Yes نعم نعم نعم نعم نعم نعم[115] Mitigated
[116]
Not affected Vulnerable Vulnerable Vulnerable Vulnerable لا
8 iOS 8 No Yes نعم نعم نعم نعم نعم نعم Mitigated Not affected Mitigated
[n 40]
Lowest priority
[117][n 40]
Mitigated
[118]
Mitigated
[119]
لا
9 iOS 9 No No نعم نعم نعم نعم نعم نعم Mitigated Not affected Not affected Lowest priority Mitigated Mitigated لا
Browser Version Platforms SSL 2.0 (insecure) SSL 3.0 (insecure) TLS 1.0 TLS 1.1 TLS 1.2 EV
[n 3]
SHA-2 ECDSA BEAST[n 4] CRIME[n 5] POODLE (SSLv3)[n 6] RC4[n 7] FREAK[8][9] Logjam Protocol selection by user
SSL protocols TLS protocols Certificate Support Vulnerabilities fixed
Color or Note Significance
Browser version Platform
Browser version Operating system Future release; under development
Browser version Operating system Current latest release
Browser version Operating system Former release; still supported
Browser version Operating system Former release; long-term support still active, but will end in less than 12 months
Browser version Operating system Former release; no longer supported
n/a Operating system Mixed / Unspecified
Operating system (Version+) Minimum required operating system version (for the current latest version of the browser)
Operating system No longer supported for this operating system
Notes
  1. ^ Does the browser have mitigations or is not vulnerable for the known attacks. Note actual security depends on other factors such as negotiated cipher, encryption strength etc (see #Cipher table).
  2. ^ Whether a user or administrator can choose the protocols to be used or not. If yes, several attacks such as BEAST (vulnerable in SSL 3.0 and TLS 1.0) or POODLE (vulnerable in SSL 3.0) can be avoided.
  3. ^ أ ب Whether EV SSL and DV SSL (normal SSL) can be distinguished by indicators (green lock icon, green address bar, etc.) or not.
  4. ^ أ ب e.g. 1/n-1 record splitting.
  5. ^ أ ب e.g. Disabling header compression in HTTPS/SPDY.
  6. ^ أ ب
    • Complete mitigations; disabling SSL 3.0 itself, "anti-POODLE record splitting". "Anti-POODLE record splitting" is effective only with client-side implementation and valid according to the SSL 3.0 specification, however, it may also cause compatibility issues due to problems in server-side implementations.
    • Partial mitigations; disabling fallback to SSL 3.0, TLS_FALLBACK_SCSV, disabling cipher suites with CBC mode of operation. If the server also supports TLS_FALLBACK_SCSV, the POODLE attack will fail against this combination of server and browser, but connections where the server does not support TLS_FALLBACK_SCSV and does support SSL 3.0 will still be vulnerable. If disabling cipher suites with CBC mode of operation in SSL 3.0, only cipher suites with RC4 are available, RC4 attacks become easier.
    • When disabling SSL 3.0 manually, POODLE attack will fail.
  7. ^ أ ب
    • Complete mitigation; disabling cipher suites with RC4.
    • Partial mitigations to keeping compatibility with old systems; setting the priority of RC4 to lower.
  8. ^ Google Chrome (and Chromium) supports TLS 1.0, and TLS 1.1 from version 22 (it was added, then dropped from version 21). TLS 1.2 support has been added, then dropped from Chrome 29.[10][11][12]
  9. ^ Uses the TLS implementation provided by BoringSSL for Android, OS X, and Windows[13] or by NSS for Linux. Google is switching the TLS library used in Chrome to BoringSSL from NSS completely.
  10. ^ أ ب ت ث ج ح خ د ذ ر ز س ش ص ض ط ظ ع غ ف ق ك ل م ن هـ و ي أأ أب أت configure enabling/disabling of each protocols via setting/option (menu name is dependent on browsers)
  11. ^ أ ب ت ث ج ح خ د ذ ر ز configure the maximum and the minimum version of enabling protocols with command-line option
  12. ^ TLS_FALLBACK_SCSV is implemented.[21] Fallback to SSL 3.0 is disabled since version 39.[22]
  13. ^ In addition to TLS_FALLBACK_SCSV and disabling a fallback to SSL 3.0, SSL 3.0 itself is disabled by default.[22]
  14. ^ أ ب ت configure the minimum version of enabling protocols via chrome://flags[26] (the maximum version can be configured with command-line option)
  15. ^ أ ب ت ث ج ح خ د ذ ر ز س Only when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback.
  16. ^ Uses the TLS implementation provided by NSS. As of Firefox 22, Firefox supports only TLS 1.0 despite the bundled NSS supporting TLS 1.1. Since Firefox 23, TLS 1.1 can be enabled, but was not enabled by default due to issues. Firefox 24 has TLS 1.2 support disabled by default. TLS 1.1 and TLS 1.2 have been enabled by default in Firefox 27 release.
  17. ^ أ ب ت ث ج ح خ د ذ ر configure the maximum and the minimum version of enabling protocols via about:config or add-on[39]
  18. ^ SSL 3.0 itself is disabled by default.[44] In addition, fallback to SSL 3.0 is disabled since version 34,[46] and TLS_FALLBACK_SCSV is implemented since 35.0 and ESR 31.3.[44][47]
  19. ^ All RC4 cipher-suites is disabled by default.[51][52][53]
  20. ^ أ ب ت IE uses the TLS implementation of the Microsoft Windows operating system provided by the SChannel security support provider. TLS 1.1 and 1.2 are disabled by default until IE11.[54][55]
  21. ^ أ ب ت Windows NT 3.1 supports IE 1–2, Windows NT 3.5 supports IE 1–3, Windows NT 3.51 and Windows NT 4.0 supports IE 1–6
  22. ^ أ ب ت ث ج ح خ Windows XP as well as Server 2003 and older only support weak ciphers like 3DES and RC4.[58] The weak ciphers of these SChannel version are not only used for IE. They are also used for other Microsoft products running on this OS, e.g like Office. Only Windows Server 2003 can get a manually update to support AES ciphers by KB948963[59]
  23. ^ أ ب ت ث MS13-095 or MS14-049 for 2003 and XP-64 or SP3 for XP (32-bit)
  24. ^ أ ب ت Internet Explorer Support Announcement[63]
  25. ^ أ ب ت RC4 can be disabled except as a fallback (Only when no cipher suites with other than RC4 is available, cipher suites with RC4 will be used as a fallback.)[66]
  26. ^ أ ب ت ث Fallback to SSL 3.0 is sites blocked by default in Internet Explorer 11 for Protected Mode.[68][69] SSL 3.0 is disabled by default in Internet Explorer 11 since April 2015.[70]
  27. ^ أ ب Edge (formerly known as Project Spartan) is based on a fork of the Internet Explorer 11 rendering engine.
  28. ^ Except Windows 10 LTSB 2015 (LongTermSupportBranch)[73]
  29. ^ أ ب ت Could be disabled via registry editing but need 3rd Party tools to do this.[74]
  30. ^ Opera 10 added support for TLS 1.2 as of Presto 2.2. Previous support was for TLS 1.0 and 1.1. TLS 1.1 and 1.2 are disabled by default (except for version 9[78] that enabled TLS 1.1 by default).
  31. ^ أ ب SSL 3.0 is disabled by default remotely since October 15, 2014[87]
  32. ^ TLS support of Opera 14 and above is same as that of Chrome, because Opera has migrated to Chromium backend (Opera 14 for Android is based on Chromium 26 with WebKit,[91] and Opera 15 and above are based on Chromium 28 and above with Blink[92]).
  33. ^ TLS_FALLBACK_SCSV is implemented.[95]
  34. ^ SSL 3.0 is enabled by default, with some mitigations against known vulnerabilities such as BEAST and POODLE implemented.[87]
  35. ^ In addition to TLS_FALLBACK_SCSV, "anti-POODLE record splitting" is implemented.[87]
  36. ^ In addition to TLS_FALLBACK_SCSV and "anti-POODLE record splitting", SSL 3.0 itself is disabled by default.[26]
  37. ^ أ ب ت configure the minimum version of enabling protocols via opera://flags[26] (the maximum version can be configured with command-line option)
  38. ^ Safari uses the operating system implementation on Mac OS X, Windows (XP, Vista, 7)[96] with unknown version,[97] Safari 5 is the last version available for Windows. OS X 10.8 on have SecureTransport support for TLS 1.1 and 1.2[98] Qualys SSL report simulates Safari 5.1.9 connecting with TLS 1.0 not 1.1 or 1.2[99]
  39. ^ In September 2013, Apple implemented BEAST mitigation in OS X 10.8 (Mountain Lion), but it was not turned on by default resulting in Safari still being theoretically vulnerable to the BEAST attack on that platform.[101][102] BEAST mitigation has been enabled by default from OS X 10.8.5 updated in February 2014.[103]
  40. ^ أ ب ت ث ج ح خ د Because Apple removed support for all CBC protocols in SSL 3.0 to mitigate POODLE[104][105], this leaves only RC4 which is also completely broken by the RC4 attacks in SSL 3.0.
  41. ^ Mobile Safari and third-party software utilizing the system UIWebView library use the iOS operating system implementation, which supports TLS 1.2 as of iOS 5.0.[110][111][112]


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

المكتبات

الدعم المكتبي لــ TLS/SSL
Implementation SSL 2.0 (insecure) SSL 3.0 (insecure) TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3
(Draft)
Botan No No[120] نعم نعم نعم
cryptlib No Enabled by default نعم نعم نعم
GnuTLS No[a] Disabled by default[121] نعم نعم نعم
Java Secure Socket Extension No[a] Disabled by default[b] نعم نعم نعم
LibreSSL No[122] No[123] نعم نعم نعم
MatrixSSL No[a] Disabled by default at compile time[124] نعم نعم نعم
mbed TLS (previously PolarSSL) No Enabled by default نعم نعم نعم
Network Security Services Disabled by default[a] Disabled by default[125] نعم نعم[126] نعم[127]
OpenSSL Enabled by default Enabled by default نعم نعم[128] نعم[128]
RSA BSAFE[129] No Yes نعم نعم نعم
SChannel XP / 2003[130] Disabled by default by MSIE 7 Enabled by default Enabled by default by MSIE 7 لا لا
SChannel Vista / 2008[131] Disabled by default Enabled by default نعم لا لا
SChannel 7 / 2008 R2[132] Disabled by default Disabled by default in MSIE 11 نعم Enabled by default by MSIE 11 Enabled by default by MSIE 11
SChannel 8 / 2012[132] Disabled by default Enabled by default نعم Disabled by default Disabled by default
SChannel 8.1 / 2012 R2, 10[132] Disabled by default Disabled by default in MSIE 11 نعم نعم نعم
Secure Transport OS X 10.2-10.8 / iOS 1-4 Yes Yes نعم لا لا
Secure Transport OS X 10.9-10.10 / iOS 5-8 No[c] Yes نعم نعم[c] نعم[c]
Secure Transport OS X 10.11 / iOS 9 No No[c] نعم نعم نعم
SharkSSL No Enabled by default نعم نعم نعم
wolfSSL (previously CyaSSL) No Disabled by default[133] نعم نعم نعم
Implementation SSL 2.0 (insecure) SSL 3.0 (insecure) TLS 1.0 TLS 1.1 TLS 1.2 TLS 1.3
(Draft)

استخدامات أخرى

الأمن

يوفر هذا البروتوكول الأمن بأسلوب غير مرئي للمستخدم، فالعمليات التي يقوم بها بروتوكول تتم فوق طبقة الخدمات الأساسية لحزمة بروتوكولات الإنترنت، فالبرمجيات التي تستخدم ميفاق ضبط الإرسال تقوم بتعيين منفذ أو مقبس لكلا طرفي الاتصال، ويتم ذلك من خلال رسم خارطة للإجراءات البرمجية عند كل طرف من أطراف الاتصال.


SSL 2.0

SSL 3.0

TLS

الهجمات المضادة لــ TLS/SSL

السرية الأمامية

سجل TLS

+ بايت +0 بايت +1 بايت +2 بايت +3
بايت
0
نوع المحتوى  
بايت
1..4
الإصدار الطول
(رئيسي) (هامشي) (بيت 15..8) (بيت 7..0)
Bytes
5..(m-1)
Protocol message(s)
بايت
m..(p-1)
MAC (optional)
بايت
p..(q-1)
Padding (block ciphers only)
نوع المحتوى
أنواع المحتوى
Hex Dec Type
0x14 20 ChangeCipherSpec
0x15 21 Alert
0x16 22 Handshake
0x17 23 Application
0x18 24 Heartbeat
Version
This field identifies the major and minor version of TLS for the contained message. For a ClientHello message, this need not be the highest version supported by the client.
Versions
الإصدار
الرئيسي
الإصدار
الهامشي
نوع الإصدار
3 0 SSL 3.0
3 1 TLS 1.0
3 2 TLS 1.1
3 3 TLS 1.2


. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .

دعم الخوادم الافتراضية المعتمدة على الاسم

المعايير

انظر أيضاً

المصادر

  1. ^ T. Dierks, E. Rescorla (August 2008). "The Transport Layer Security (TLS) Protocol, Version 1.2".
  2. ^ أ ب As of October 4, 2015. "SSL Pulse: Survey of the SSL Implementation of the Most Popular Web Sites". Retrieved 2015-10-19.
  3. ^ ivanr. "RC4 in TLS is Broken: Now What?". Qualsys Security Labs. Retrieved 2013-07-30.
  4. ^ خطأ استشهاد: وسم <ref> غير صحيح؛ لا نص تم توفيره للمراجع المسماة poodle_pdf
  5. ^ "What browsers support Extended Validation (EV) and display an EV indicator?". Symantec. Retrieved 2014-07-28.
  6. ^ أ ب ت ث ج ح خ د ذ ر ز س ش ص ض "SHA-256 Compatibility". Retrieved 2015-06-12.
  7. ^ أ ب ت ث ج ح خ د ذ ر ز س ش ص ض ط ظ ع غ ف ق ك ل م ن هـ "ECC Compatibility". Retrieved 2015-06-13.
  8. ^ أ ب "Tracking the FREAK Attack". Retrieved 2015-03-08.
  9. ^ أ ب "FREAK: Factoring RSA Export Keys". Retrieved 2015-03-08.
  10. ^ Google (2012-05-29). "Dev Channel Update". Retrieved 2011-06-01. {{cite web}}: |author= has generic name (help)
  11. ^ Google (2012-08-21). "Stable Channel Update". Retrieved 2012-08-22. {{cite web}}: |author= has generic name (help)
  12. ^ Chromium Project (2013-05-30). "Chromium TLS 1.2 Implementation".
  13. ^ "The Chromium Project: BoringSSL". Retrieved 2015-09-05.
  14. ^ "Chrome Stable Release". Chrome Releases. Google. 2011-10-25. Retrieved 2015-02-01.
  15. ^ "SVN revision log on Chrome 10.0.648.127 release". Retrieved 2014-06-19.
  16. ^ أ ب "ImperialViolet - CRIME". 2012-09-22. Retrieved 2014-10-18.
  17. ^ أ ب "SSL/TLS Overview". 2008-08-06. Retrieved 2013-03-29.
  18. ^ أ ب "Chromium Issue 90392". 2008-08-06. Retrieved 2013-06-28.
  19. ^ أ ب "Issue 23503030 Merge 219882". 2013-09-03. Retrieved 2013-09-19.
  20. ^ أ ب "Issue 278370: Unable to submit client certificates over TLS 1.2 from Windows". 2013-08-23. Retrieved 2013-10-03.
  21. ^ Möller, Bodo (October 14, 2014). "This POODLE bites: exploiting the SSL 3.0 fallback". Google Online Security blog. Google (via Blogspot). Retrieved 2014-10-28.
  22. ^ أ ب ت "An update on SSLv3 in Chrome". Security-dev. Google. 2014-10-31. Retrieved 2014-11-04.
  23. ^ "Stable Channel Update". Mozilla Developer Network. Google. 2014-02-20. Retrieved 2014-11-14.
  24. ^ "Changelog for Chrome 33.0.1750.117". Google. Google. Retrieved 2014-11-14.
  25. ^ "Issue 318442: Update to NSS 3.15.3 and NSPR 4.10.2". Retrieved 2014-11-14.
  26. ^ أ ب ت ث ج "Issue 693963003: Add minimum TLS version control to about:flags and Finch gate it. - Code Review". Retrieved 2015-01-22.
  27. ^ أ ب ت "Issue 375342: Drop RC4 Support". Retrieved 2015-05-22.
  28. ^ أ ب "Issue 436391: Add info on end of life of SSLVersionFallbackMin & SSLVersionMin policy in documentation". Retrieved 2015-04-19.
  29. ^ "Issue 490240: Increase minimum DH size to 1024 bits (tracking bug)". Retrieved 2015-05-29. {{cite web}}: horizontal tab character in |title= at position 15 (help)
  30. ^ "SSLSocket | Android Developers". Retrieved 2015-03-11.
  31. ^ أ ب ت ث "What browsers work with Universal SSL". Retrieved 2015-06-15.
  32. ^ أ ب "Android 5.0 Behavior Changes | Android Developers". Retrieved 2015-03-11.
  33. ^ أ ب ت ث "Security in Firefox 2". 2008-08-06. Retrieved 2009-03-31.
  34. ^ "Attack against TLS-protected communications". Mozilla Security Blog. Mozilla. 2011-09-27. Retrieved 2015-02-01.
  35. ^ أ ب "Introduction to SSL". MDN. Retrieved 2014-06-19.
  36. ^ أ ب "NSS 3.15.3 Release Notes". Mozilla Developer Network. Mozilla. Retrieved 2014-07-13.
  37. ^ أ ب "MFSA 2013-103: Miscellaneous Network Security Services (NSS) vulnerabilities". Mozilla. Mozilla. Retrieved 2014-07-13.
  38. ^ "Bug 565047 – (RFC4346) Implement TLS 1.1 (RFC 4346)". Retrieved 2013-10-29.
  39. ^ SSL Version Control :: Add-ons for Firefox
  40. ^ "Bug 480514 – Implement support for TLS 1.2 (RFC 5246)". Retrieved 2013-10-29.
  41. ^ "Bug 733647 – Implement TLS 1.1 (RFC 4346) in Gecko (Firefox, Thunderbird), on by default". Retrieved 2013-12-04.
  42. ^ أ ب "Firefox Notes – Desktop". 2014-02-04. Retrieved 2014-02-04.
  43. ^ "Bug 861266 – Implement TLS 1.2 (RFC 5246) in Gecko (Firefox, Thunderbird), on by default". Retrieved 2013-11-18.
  44. ^ أ ب ت "The POODLE Attack and the End of SSL 3.0". Mozilla blog. Mozilla. 2014-10-14. Retrieved 2014-10-28.
  45. ^ "Firefox — Notes (34.0) — Mozilla". mozilla.org. 2014-12-01. Retrieved 2015-04-03.
  46. ^ "Bug 1083058 - A pref to control TLS version fallback". bugzilla.mozilla.org. Retrieved 2014-11-06.
  47. ^ "Bug 1036737 - Add support for draft-ietf-tls-downgrade-scsv to Gecko/Firefox". bugzilla.mozilla.org. Retrieved 2014-10-29.
  48. ^ أ ب ت "Bug 1166031 - Update to NSS 3.19.1". bugzilla.mozilla.org. Retrieved 2015-05-29.
  49. ^ "Bug 1088915 - Stop offering RC4 in the first handshakes". bugzilla.mozilla.org. Retrieved 2014-11-04.
  50. ^ "Firefox — Notes (39.0) — Mozilla". mozilla.org. 2015-06-30. Retrieved 2015-07-03.
  51. ^ "Google, Microsoft, and Mozilla will drop RC4 encryption in Chrome, Edge, IE, and Firefox next year". VentureBeat. 2015-09-01. Retrieved 2015-09-05.
  52. ^ "Intent to ship: RC4 disabled by default in Firefox 44". Retrieved 2015-10-18.
  53. ^ "RC4 is now allowed only on whitelisted sites (Reverted)". Retrieved 2015-11-02.
  54. ^ Microsoft (2012-09-05). "Secure Channel". Retrieved 2012-10-18.
  55. ^ Microsoft (2009-02-27). "MS-TLSP Appendix A". Retrieved 2009-03-19.
  56. ^ أ ب ت "What browsers only support SSLv2?". Retrieved 2014-06-19.
  57. ^ أ ب ت ث "SHA2 and Windows - Windows PKI blog - Site Home - TechNet Blogs". 2010-09-30. Retrieved 2014-07-29.
  58. ^ http://msdn.microsoft.com/en-us/library/windows/desktop/aa380512(v=vs.85).aspx
  59. ^ http://support.microsoft.com/kb/948963
  60. ^ أ ب ت ث ج ح خ "Vulnerability in Schannel Could Allow Security Feature Bypass (3046049)". 2015-03-10. Retrieved 2015-03-11.
  61. ^ أ ب ت ث ج ح خ "Vulnerability in Schannel Could Allow Information Disclosure (3061518)". 2015-05-12. Retrieved 2015-05-22.
  62. ^ أ ب ت ث ج "HTTPS Security Improvements in Internet Explorer 7". Retrieved 2013-10-29.
  63. ^ [http://support.microsoft.com/gp/msl-ie-dotnet-an
  64. ^ أ ب ت ث "Windows 7 adds support for TLSv1.1 and TLSv1.2 - IEInternals - Site Home - MSDN Blogs". Retrieved 2013-10-29.
  65. ^ أ ب ت Thomlinson, Matt (2014-11-11). "Hundreds of Millions of Microsoft Customers Now Benefit from Best-in-Class Encryption". Microsoft Security. Retrieved 2014-11-14.
  66. ^ Microsoft security advisory: Update for disabling RC4
  67. ^ أ ب ت ث Microsoft (2013-09-24). "IE11 Changes". Retrieved 2013-11-01.
  68. ^ "February 2015 security updates for Internet Explorer". 2015-02-11. Retrieved 2015-02-11.
  69. ^ "Update turns on the setting to disable SSL 3.0 fallback for protected mode sites by default in Internet Explorer 11". Retrieved 2015-02-11.
  70. ^ "Vulnerability in SSL 3.0 Could Allow Information Disclosure". 2015-04-14. Retrieved 2015-04-14.
  71. ^ أ ب "Release Notes: Important Issues in Windows 8.1 Preview". Microsoft. 2013-06-24. Retrieved 2014-11-04.
  72. ^ أ ب "W8.1(IE11) vs RC4 | Qualys Community". Retrieved 2014-11-04.
  73. ^ [http://www.zdnet.com/article/some-windows-10-enterprise-users-wont-get-microsofts-edge-browser
  74. ^ http://forum.xda-developers.com/windows-phone-8/development/poodle-ssl-vulnerability-secure-windows-t2906203
  75. ^ أ ب "What TLS version is used in Windows Phone 8 for secure HTTP connections?". Microsoft. Retrieved 2014-11-07.
  76. ^ https://www.ssllabs.com/ssltest/viewClient.html?name=IE%20Mobile&version=10&platform=Win%20Phone%208.0
  77. ^ أ ب "Platform Security". Microsoft. 2014-06-25. Retrieved 2014-11-07.
  78. ^ "Changelog for Opera 9.0 for Windows" at Opera.com
  79. ^ "Opera 2 series". Retrieved 2014-09-20.
  80. ^ "Opera 3 series". Retrieved 2014-09-20.
  81. ^ "Opera 4 series". Retrieved 2014-09-20.
  82. ^ أ ب "Changelog for Opera 5.x for Windows". Retrieved 2014-06-19.
  83. ^ "Changelog for Opera [8] Beta 2 for Windows". Retrieved 2014-06-19.
  84. ^ "Web Specifications Supported in Opera 9". Retrieved 2014-06-19.
  85. ^ أ ب "Opera: Opera 10 beta for Windows changelog". Retrieved 2014-06-19.
  86. ^ "About Opera 11.60 and new problems with some secure servers". 2011-12-11. Archived from the original on 2012-01-18.
  87. ^ أ ب ت "Security changes in Opera 25; the poodle attacks". 2014-10-15. Retrieved 2014-10-28.
  88. ^ أ ب ت "Unjam the logjam". 2015-06-09. Retrieved 2015-06-11.
  89. ^ "Advisory: RC4 encryption protocol is vulnerable to certain brute force attacks". 2013-04-04. Retrieved 2014-11-14.
  90. ^ "On the Precariousness of RC4". 2013-03-20. Archived from the original on 2013-11-12. Retrieved 2014-11-17.
  91. ^ "Dev.Opera — Opera 14 for Android Is Out!". 2013-05-21. Retrieved 2014-09-23.
  92. ^ "Dev.Opera — Introducing Opera 15 for Computers, and a Fast Release Cycle". 2013-07-02. Retrieved 2014-09-23.
  93. ^ أ ب same as Chrome 26–29
  94. ^ أ ب same as Chrome 30 and later
  95. ^ أ ب same as Chrome 33 and later
  96. ^ Adrian, Dimcev. "Common browsers/libraries/servers and the associated cipher suites implemented". TLS Cipher Suites Project.
  97. ^ Apple (2009-06-10). "Features". Retrieved 2009-06-10.
  98. ^ Curl: Patch to add TLS 1.1 and 1.2 support & replace deprecated functions in SecureTransport
  99. ^ Qualys SSL Report: google.co.uk (simulation Safari 5.1.9 TLS 1.0)
  100. ^ "Apple Secures Mac OS X with Mavericks Release - eSecurity Planet". 2013-10-25. Retrieved 2014-06-23.
  101. ^ Ristic, Ivan. "Is BEAST Still a Threat?". qualys.com.
  102. ^ أ ب Ivan Ristić (2013-10-31). "Apple enabled BEAST mitigations in OS X 10.9 Mavericks". Retrieved 2013-11-07.
  103. ^ Ivan Ristić (2014-02-26). "Apple finally releases patch for BEAST". Retrieved 2014-07-01.
  104. ^ http://support.apple.com/kb/HT6531
  105. ^ http://support.apple.com/kb/HT6541
  106. ^ أ ب ت "About Security Update 2015-002". Retrieved 2015-03-09.
  107. ^ أ ب "About the security content of OS X Mavericks v10.9". Retrieved 2014-06-20.
  108. ^ "User Agent Capabilities: Safari 8 / OS X 10.10". Qualsys SSL Labs. Retrieved 2015-03-07.
  109. ^ "About the security content of OS X Yosemite v10.10.4 and Security Update 2015-005". Retrieved 2015-07-03.
  110. ^ أ ب ت Apple (2011-10-14). "Technical Note TN2287 – iOS 5 and TLS 1.2 Interoperability Issues". Retrieved 2012-12-10.
  111. ^ Liebowitz, Matt (2011-10-13). "Apple issues huge software security patches". NBCNews.com. Retrieved 2012-12-10.
  112. ^ MWR Info Security (2012-04-16). "Adventures with iOS UIWebviews". Retrieved 2012-12-10., section "HTTPS (SSL/TLS)"
  113. ^ "Secure Transport Reference". Retrieved 2014-06-23. kSSLProtocol2 is deprecated in iOS
  114. ^ "iPhone 3.0: Mobile Safari Gets Enhanced Security Certificate Visualization | The iPhone Blog". 2009-03-31. Archived from the original on 2009-04-03.
  115. ^ https://www.ssllabs.com/ssltest/viewClient.html?name=Safari&version=7&platform=iOS%207.1
  116. ^ schurtertom (October 11, 2013). "SOAP Request fails randomly on one Server but works on an other on iOS7". Retrieved January 5, 2014.
  117. ^ "User Agent Capabilities: Safari 8 / iOS 8.1.2". Qualsys SSL Labs. Retrieved 2015-03-07.
  118. ^ "About the security content of iOS 8.2". Retrieved 2015-03-09.
  119. ^ "About the security content of iOS 8.4". Retrieved 2015-07-03.
  120. ^ "Version 1.11.13, 2015-01-11 — Botan". 2015-01-11. Retrieved 2015-01-16.
  121. ^ "[gnutls-devel] GnuTLS 3.4.0 released". 2015-04-08. Retrieved 2015-04-16.
  122. ^ "OpenBSD 5.6 Released". 2014-11-01. Retrieved 2015-01-20.
  123. ^ "LibreSSL 2.3.0 Released". 2015-09-23. Retrieved 2015-09-24.
  124. ^ "MatrixSSL - News". Retrieved 2014-11-09.
  125. ^ "NSS 3.19 release notes". Mozilla Developer Network. Mozilla. Retrieved 2015-05-06.
  126. ^ "NSS 3.14 release notes". Mozilla Developer Network. Mozilla. Retrieved 2012-10-27.
  127. ^ "NSS 3.15.1 release notes". Mozilla Developer Network. Mozilla. Retrieved 2013-08-10.
  128. ^ أ ب "Major changes between OpenSSL 1.0.0h and OpenSSL 1.0.1 [14 Mar 2012]". 2012-03-14. Retrieved 2015-01-20.[dead link]
  129. ^ "RSA BSAFE Technical Specification Comparison Tables" (PDF).
  130. ^ TLS cipher suites in Microsoft Windows XP and 2003
  131. ^ SChannel Cipher Suites in Microsoft Windows Vista
  132. ^ أ ب ت TLS Cipher Suites in SChannel for Windows 7, 2008R2, 8, 2012
  133. ^ "[wolfssl] wolfSSL 3.6.6 Released". 2015-08-20. Retrieved 2015-08-25.

قراءات إضافية

وصلات خارجية

Specifications (see Standards section for older SSL 2.0, SSL 3.0, TLS 1.0, TLS 1.1 links)

Other

هذه المقالة كانت في الأصل مبنية على مادة من Free On-line Dictionary of Computing، التي هي مرخصة تحت GFDL.

الكلمات الدالة: