File:20140409-SSL TLS jungle-Dobinrutis.pdf

The protocols SSL and TLS are widely used to ensure confidentiality and integrity of data transmitted over insecure networks. As every implementation of crypto algorithms, they come in different versions, and can contain a multitude of errors, faults and configuration options. This talk will shed some light into SSL/TLS basics, and will discuss topics like the secure configuration of the TLS/SSL stack regarding to attacks like BEAST or PRISM, what the impact of Perfect Forward Secrecy is or why nobody should use RC4.