Transport Layer Security: Encyclopedia II - Transport Layer Security - History and development

Transport Layer Security - History and development

Developed by Netscape, SSL version 3.0 was released in 1996, which later served as a basis to develop TLS version 1.0, an IETF standard protocol first defined in RFC 2246. Visa, MasterCard, American Express and many leading financial institutions have endorsed SSL for commerce over the Internet.

SSL operates in modular fashion: its authors designed it for extendability, with support for forwards and backwards compatibility and negotiation between peers.

Transport Layer Security - Early weak keys

Some early implementations of SSL could use a maximum of only 40-bit symmetric keys because of US government restrictions on the export of cryptographic technology. The US government explicitly imposed a 40-bit keyspace small enough to be broken by brute-force search by law enforcement agencies wishing to read the encrypted traffic, while still presenting obstacles to less-well-funded attackers. A similar limitation applied to Lotus Notes in export versions. After several years of public controversy, a series of lawsuits, and eventual US government recognition of changes in the market availability of 'better' cryptographic products produced outside the US, the authorities relaxed some aspects of the export restrictions. The 40-bit key size limitation has mostly gone away. Modern implementations use 128-bit (or longer) keys for symmetric key ciphers.

Adapted from the Wikipedia article "History and development", under the G.N U Free Docmentation License. Please also see http://en.wikipedia.org/wiki