RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 1 record.

Status: Held for Document Update (1)

RFC 7568, "Deprecating Secure Sockets Layer Version 3.0", June 2015

Source of RFC: tls (sec)

Errata ID: 4561

Status: Held for Document Update
Type: Editorial

Reported By: Richard Petrie
Date Reported: 2015-12-08
Held for Document Update by: Stephen Farrell
Date Held: 2015-12-08

Section 1. says:

Since it was released in 1996, the SSLv3 protocol [RFC6101] has been
   subject to a long series of attacks, both on its key exchange
   mechanism and on the encryption schemes it supports.  Despite being
   replaced by TLS 1.0 [RFC2246] in 1999, and subsequently TLS 1.1 in
   2002 [RFC4346] and 1.2 in 2006 [RFC5246], availability of these
   replacement versions has not been universal.  As a result, many
   implementations of TLS have permitted the negotiation of SSLv3.

   The predecessor of SSLv3, SSL version 2, is no longer considered
   sufficiently secure [RFC6176].  SSLv3 now follows.

It should say:

Since it was released in 1996, the SSLv3 protocol [RFC6101] has been
   subject to a long series of attacks, both on its key exchange
   mechanism and on the encryption schemes it supports.  Despite being
   replaced by TLS 1.0 [RFC2246] in 1999, and subsequently TLS 1.1 in
   2006 [RFC4346] and 1.2 in 2008 [RFC5246], availability of these
   replacement versions has not been universal.  As a result, many
   implementations of TLS have permitted the negotiation of SSLv3.

   The predecessor of SSLv3, SSL version 2, is no longer considered
   sufficiently secure [RFC6176].  SSLv3 now follows.

Notes:

TLS 1.1 was first drafted in 2002, but not published until 2006. Similarly, TLS 1.2 was drafted in 2006, but not published until 2008.

Report New Errata



Search RFCs
Advanced Search
×