Deprecating Secure Sockets Layer Version 3.0

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Internet Engineering Task Force (IETF)                         R. Barnes
Request for Comments: 7568                                    M. Thomson
Updates: 5246                                                    Mozilla
Category: Standards Track                                     A. Pironti
ISSN: 2070-1721                                                    INRIA
                                                              A. Langley
                                                               June 2015

              Deprecating Secure Sockets Layer Version 3.0


   The Secure Sockets Layer version 3.0 (SSLv3), as specified in RFC
   6101, is not sufficiently secure.  This document requires that SSLv3
   not be used.  The replacement versions, in particular, Transport
   Layer Security (TLS) 1.2 (RFC 5246), are considerably more secure and
   capable protocols.

   This document updates the backward compatibility section of RFC 5246
   and its predecessors to prohibit fallback to SSLv3.

Status of This Memo

   This is an Internet Standards Track document.

   This document is a product of the Internet Engineering Task Force
   (IETF).  It represents the consensus of the IETF community.  It has
   received public review and has been approved for publication by the
   Internet Engineering Steering Group (IESG).  Further information on
   Internet Standards is available in Section 2 of RFC 5741.

   Information about the current status of this document, any errata,
   and how to provide feedback on it may be obtained at .

Site Timeline