Ivan Leon
Honorary Master
- Joined
- May 27, 2008
- Messages
- 14,812
- Reaction score
- 14,687
- Location
- Planet Earth, 3rd Rock from the Sun
Looks like SANRAL haven't learnt their previous lessons about valid HTTPS security certificates for their e-toll website portal, despite numerous breaches before, and are still using TLS 1.0.
I wonder who they will blame this time? - Jan van Riebeeck again?

TLS 1.0
TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0.
As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1.0 and SSL 3.0".
TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security.
TLS 1.1
TLS 1.1 was defined in RFC 4346 in April 2006.
It is an update from TLS version 1.0. Significant differences in this version include:
Added protection against cipher-block chaining (CBC) attacks.
The implicit initialization vector (IV) was replaced with an explicit IV.
Change in handling of padding errors.
Support for IANA registration of parameters.
TLS 1.2
TLS 1.2 was defined in RFC 5246 in August 2008.
It is based on the earlier TLS 1.1 specification. Major differences include:
The MD5-SHA-1 combination in the pseudorandom function (PRF) was replaced with SHA-256, with an option to use cipher suite specified PRFs.
The MD5-SHA-1 combination in the Finished message hash was replaced with SHA-256, with an option to use cipher suite specific hash algorithms. However the size of the hash in the finished message is still truncated to 96 bits.
The MD5-SHA-1 combination in the digitally signed element was replaced with a single hash negotiated during handshake, which defaults to SHA-1.
Enhancement in the client's and server's ability to specify which hash and signature algorithms they will accept.
Expansion of support for authenticated encryption ciphers, used mainly for Galois/Counter Mode (GCM) and CCM mode of Advanced Encryption Standard encryption.
TLS Extensions definition and Advanced Encryption Standard cipher suites were added.
All TLS versions were further refined in RFC 6176 in March 2011 removing their backward compatibility with SSL such that TLS sessions will never negotiate the use of Secure Sockets Layer (SSL) version 2.0.
http://en.wikipedia.org/wiki/Transport_Layer_Security
I wonder who they will blame this time? - Jan van Riebeeck again?

TLS 1.0
TLS 1.0 was first defined in RFC 2246 in January 1999 as an upgrade of SSL Version 3.0.
As stated in the RFC, "the differences between this protocol and SSL 3.0 are not dramatic, but they are significant enough to preclude interoperability between TLS 1.0 and SSL 3.0".
TLS 1.0 does include a means by which a TLS implementation can downgrade the connection to SSL 3.0, thus weakening security.
TLS 1.1
TLS 1.1 was defined in RFC 4346 in April 2006.
It is an update from TLS version 1.0. Significant differences in this version include:
Added protection against cipher-block chaining (CBC) attacks.
The implicit initialization vector (IV) was replaced with an explicit IV.
Change in handling of padding errors.
Support for IANA registration of parameters.
TLS 1.2
TLS 1.2 was defined in RFC 5246 in August 2008.
It is based on the earlier TLS 1.1 specification. Major differences include:
The MD5-SHA-1 combination in the pseudorandom function (PRF) was replaced with SHA-256, with an option to use cipher suite specified PRFs.
The MD5-SHA-1 combination in the Finished message hash was replaced with SHA-256, with an option to use cipher suite specific hash algorithms. However the size of the hash in the finished message is still truncated to 96 bits.
The MD5-SHA-1 combination in the digitally signed element was replaced with a single hash negotiated during handshake, which defaults to SHA-1.
Enhancement in the client's and server's ability to specify which hash and signature algorithms they will accept.
Expansion of support for authenticated encryption ciphers, used mainly for Galois/Counter Mode (GCM) and CCM mode of Advanced Encryption Standard encryption.
TLS Extensions definition and Advanced Encryption Standard cipher suites were added.
All TLS versions were further refined in RFC 6176 in March 2011 removing their backward compatibility with SSL such that TLS sessions will never negotiate the use of Secure Sockets Layer (SSL) version 2.0.
http://en.wikipedia.org/wiki/Transport_Layer_Security