RFC Errata


Errata Search

 
Source of RFC  
Summary Table Full Records

Found 1 record.

Status: Held for Document Update (1)

RFC 7568, "Deprecating Secure Sockets Layer Version 3.0", June 2015

Note: This RFC has been updated by RFC 8996

Source of RFC: tls (sec)

Errata ID: 4561
Status: Held for Document Update
Type: Editorial
Publication Format(s) : TEXT

Reported By: Richard Petrie
Date Reported: 2015-12-08
Held for Document Update by: Stephen Farrell
Date Held: 2015-12-08

Section 1. says:

Since it was released in 1996, the SSLv3 protocol [RFC6101] has been
   subject to a long series of attacks, both on its key exchange
   mechanism and on the encryption schemes it supports.  Despite being
   replaced by TLS 1.0 [RFC2246] in 1999, and subsequently TLS 1.1 in
   2002 [RFC4346] and 1.2 in 2006 [RFC5246], availability of these
   replacement versions has not been universal.  As a result, many
   implementations of TLS have permitted the negotiation of SSLv3.

   The predecessor of SSLv3, SSL version 2, is no longer considered
   sufficiently secure [RFC6176].  SSLv3 now follows.

It should say:

Since it was released in 1996, the SSLv3 protocol [RFC6101] has been
   subject to a long series of attacks, both on its key exchange
   mechanism and on the encryption schemes it supports.  Despite being
   replaced by TLS 1.0 [RFC2246] in 1999, and subsequently TLS 1.1 in
   2006 [RFC4346] and 1.2 in 2008 [RFC5246], availability of these
   replacement versions has not been universal.  As a result, many
   implementations of TLS have permitted the negotiation of SSLv3.

   The predecessor of SSLv3, SSL version 2, is no longer considered
   sufficiently secure [RFC6176].  SSLv3 now follows.

Notes:

TLS 1.1 was first drafted in 2002, but not published until 2006. Similarly, TLS 1.2 was drafted in 2006, but not published until 2008.

Report New Errata



Advanced Search