Vulnerability in SSL and TLS

Last modification: 01-11-2011
First publication: 01-11-2011
Version: 1.1

In September 2011 a vulnerability in the SSL/TLS protocol was demonstrated. This protocol is used to set up secure connections between browsers and websites. Researchers were able to decrypt a cookie, which they then used to gain unauthorized access to a secured website. The attached factsheet provides a high-level description of the nature and impact of this vulnerability.

The main facts at a glance:

  • TLS v1.0 and SSL contain a vulnerability that can undermine the confidentiality of information in encrypted messages.
  • The more recent TLS v1.1 and v1.2 do not contain this vulnerability. However, less than one percent of secured websites support these recent versions.
  • We estimate that at this moment there is only a small chance that this vulnerability can be abused, since an attack has to fulfill a complicated set of conditions that are hard to meet in practice.
  • Software suppliers are working on solutions for their products.
  • You can implement a number of countermeasures to reduce the chance that this vulnerability will be exploited when you visit secured websites.

Download