Rahil Arora

Security | Fitness | Mindfulness

A Sad Story of SSL

01 November 2015

Back when I was pursuing my Master’s, I gave a small presentation on how SSL/TLS protocol has been affected by various protocol specific attacks, how these issues have been patched, and, most importantly, what could have prevented SSL/TLS from these attacks. I tried explaining these issues in the form a “story”. Since I’ve not been able to write anything new, I thought it’d be a good idea to share this presentation here. Here is the presentation (MS office online got rid off some of the animations and sound effects, but most of the other stuff is still in place):

NOTE: The attacks mentioned in the presentation are protocol specific and not implementation specific.

I also gave a separate presentation on this famous paper: The Most Dangerous Code in the World: Validating SSL Certificates in Non-Browser Software. This paper talks about some SSL/TLS implementation specific issues, which the authors found by analysing some critical libraries and applications. Here is the presentation:

Feel free to email me, if you want me to share something specific or need any advice/help. Please feel free to do the same or leave a comment below, if you have any advice for me or any comment regarding anything on this website. We are all here to learn. That’s what life is all about!