Learn, hack!

URL

https://media.blackhat.com/bh-us-10/whitepapers/Ristic/BlackHat-USA-2010-Ristic-Qualys-SSL-Survey-HTTP-Rating-Guide-wp-v1.pdf

File name

BlackHat-USA-2010-Ristic-Qualys-SSL-Survey-HTTP-Rating-Guide-wp-v1.pdf

File size

312.0 KB

MD5

5b2193b84a5fffc8c371c46073f569aa

SHA1

0a317428c715076559ccf97b052cf957f0ee5b50

SSL (TLS) is the technology that protects the Internet, but very little is actually known about its usage in real-life. How are the many Internet SSL servers configured? Which CA certificates do they use? Which protocols and cipher suites are supported? Answers to even these basic questions were either unavailable, or restricted to the small number of organizations who could afford to fund such research. In this talk we will present the first results of the SSL Survey project, which is the most comprehensive SSL and TLS server configuration survey ever undertaken. By using the deep assessment technology developed at SSL Labs for over a year, we scan and analyze every SSL server on the Internet. In this talk, we will present the assessment methodology, the rationale, as well as the results. The findings will be made freely available to the public. In addition, we will also share the raw data with qualified security researchers. As a bonus, during the talk we will also unveil an updated version of the free online SSL assessment tool, which uses the same assessment technology as the SSL survey itself. SSL Labs (https://www.ssllabs.com), funded by Qualys, is a research effort that focuses on SSL and TLS. Its other projects include: SSL threat model, passive SSL fingerprinting, SSL client capability database, SSL server capability database, and SSL usage tracking.