Overview#

Deprecating Secure Sockets Layer Version 3.0 (RFC 7568) was released in 1996, the SSLv3 protocol RFC 6101 has been subject to a long series of attacks, both on its key-Exchange mechanism and on the encryption schemes it supports.

Despite being replaced by:

• TLS 1.0 RFC 2246 in 1999
• TLS 1.1 in 2002 RFC 4346
• TLS 1.2 in 2006 RFC 5246

availability of these replacement versions has not been universal. As a result, many implementations of TLS have permitted the negotiation of SSLv3.

The predecessor of SSLv3, SSL version 2, is no longer considered sufficiently secure RFC 6176. SSLv3 now follows.

3. Do Not Use SSL Version 3.0#

SSLv3 MUST NOT be used. Negotiation of SSLv3 from any version of TLS MUST NOT be permitted.

Any version of TLS is more secure than SSLv3, though the highest version available is preferable.

Pragmatically, clients MUST NOT send a ClientHello with ClientHello.client_version set to {03,00}. Similarly, servers MUST NOT send a ServerHello with ServerHello.server_version set to {03,00}. Any party receiving a Hello message with the protocol version set to {03,00} MUST respond with a "protocol_version" alert message and close the connection.

More Information#

There might be more information for this subject on one of the following:

• RFC 7568
• SSLv3