SSL协议安全缺陷分析

近年来,随着对Internet上传输数据保密性的需要,安全套接字层(SSL)被广泛地使用。SSL协议基于公开密钥技术,提供了一种保护客户端/服务器通信安全的机制。但是,SSL协议仍存在一些安全缺陷,对使用SSL协议的通信带来安全隐患。文中简要介绍了SSL 3.0协议的内容,重点讨论了SSL 3.0协议的安全缺陷并针对缺陷提出了相应的改进方法,为协议的实现提供了参考。

Analysis of the Vulnerabilities of SSL Protocol

The use of secure sockets layer(SSL) on the Internet has grown significantly in recent years as more applications use the Internet to deliver data which require traffic to be confidential.The SSL protocol which is based on the public key technique is intended to provide a mechanism for Internet client/server communications security.However,SSL protocol still has some vulnerabilities, which bring some dangers to Internet communications.Introduce the content of the SSL 3.0 protocol and discuss chiefly several security vulnerabilities and attacks on the protocol.According to these vulnerabilities,also present some improvement suggestions,which give some references to the implementation of the protocol.