The History of SSL/TLS: Part 3 – SSL Version 1.0

M.Sc. Moritz Gruber

In today’s part of this series we go on an archaeological expedition into the early days of the internet. More precisely, we travel to Mountain View in California in 1994. The first version of today’s TLS standard, SSL Version 1.0, was developed in the offices of the Netscape Corporation.

SSL version 1.0: A draft in 1994

Today we look at how the first version of today’s SSL and TLS standard was developed and released. It really is a kind of archaeological expedition, because unfortunately little detailed information about the programming of SSL and its security has survived over the years. After all, this was a time when even the private Internet was still in its infancy: there were about 16 million Internet users worldwide. That sounds like a lot at first, but keep in mind that today there are 69 million users in Germany alone and 3.26 billion worldwide.

From the idea of S-HTTP, the later Firefox developers at Netscape developed their own project. They wanted a protocol that establishes an encrypted connection at a layer below the application layer. With the Secure Socket Layer they therefore created a “network layer” above the TCP/IP protocols but still below HTTP.

Netscape completed the development of SSL version 1.0 in mid-1994 and passed it on internally for further review.

Cryptography is inherently complex, and so is SSL version 1.0

Unfortunately, many of the developers at Netscape at that time lacked many years of experience in developing cryptographic protocols and procedures, and some basic flaws were therefore found in SSL version 1.0. In general, we would like to point out once again that designing and implementing encryption methods can only be done reliably by a few professionals. As a simple rule of thumb, remember the following:

With products or services that have their own encryption, something always goes wrong, so these should be avoided.

Overall, two critical security issues were identified in SSL version 1.0, making it impossible for Netscape to publish SSL in its then state.

History of SSL vulnerabilities: Missing sequence number

One of the two big conceptual errors of the first SSL version was the lack of sequence numbers. A message sent over the Internet always consists of several smaller packets, which the receiver puts back together into a whole message. Because sequence numbers were missing in the first version of SSL, packets could be sent and received as often as desired without the recipient being able to recognize the repetition. An attack that exploits this kind of protocol weakness is called a replay attack.

A replay attack can be pictured as follows: a user logs on to a website with a username and password over an SSL-encrypted connection. An attacker who eavesdrops on this user cannot read the password or the username because both are encrypted. The problem is that the attacker doesn’t have to read the data: he simply records everything the legitimate user sends and sends exactly the same data again. Because of the missing sequence numbers, the website cannot recognize that someone has already logged in with exactly the same requests and data, and so it logs the attacker in.

History of SSL vulnerabilities: Lack of data integrity protection

In the first part of our series we already talked about the protection goals of TLS and SSL. One of them was integrity: the recipient can be sure that the data received has not been altered during transmission. In the case of SSL version 1.0 there were unfortunately a few problems with the use of the necessary signature procedures in combination with the RC4 encryption. This made it possible for an attacker to manipulate specific parts of messages without the recipient being able to detect the change.

An attacker on the same Wi-Fi or network as the victim was able to exchange parts of messages and could, for example, have manipulated the account number in a transfer sent via SSL version 1.0. The victim would then have sent the transfer to the attacker without noticing.
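The two gaps described above (no sequence numbers, no integrity protection on a stream cipher) can be modelled in a few lines of Python. This is an added example, not Netscape's code and not the SSL 1.0 record format: the keys, the SHAKE-256 keystream standing in for RC4, the nonce layout and all names are assumptions made for the illustration, and `protect=True` adds an HMAC over an implicit sequence number.

```python
import hashlib
import hmac
import os

ENC_KEY, MAC_KEY = b"constructed-enc-key", b"constructed-mac-key"  # sample keys

def xor_stream(nonce: bytes, data: bytes) -> bytes:
    """Toy stream cipher (SHAKE-256 keystream), a stand-in for RC4."""
    stream = hashlib.shake_256(ENC_KEY + nonce).digest(len(data))
    return bytes(d ^ s for d, s in zip(data, stream))

def tag(seq: int, body: bytes) -> bytes:
    """HMAC over the implicit sequence number plus nonce and ciphertext."""
    return hmac.new(MAC_KEY, seq.to_bytes(8, "big") + body, hashlib.sha256).digest()

class Endpoint:  # one side of a connection; protect=True adds MAC + sequence check
    def __init__(self, protect: bool):
        self.protect, self.seq = protect, 0

    def seal(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(8)
        body = nonce + xor_stream(nonce, plaintext)
        if self.protect:
            body += tag(self.seq, body)
        self.seq += 1
        return body

    def open(self, record: bytes) -> bytes:
        if self.protect:
            record, mac = record[:-32], record[-32:]
            if not hmac.compare_digest(mac, tag(self.seq, record)):
                raise ValueError("rejected: modified, replayed or out of order")
        self.seq += 1  # only advances for records that were accepted
        return xor_stream(record[:8], record[8:])

def modify(record: bytes, offset: int, old: bytes, new: bytes) -> bytes:
    """Model an in-transit change: XOR (old ^ new) into the ciphertext."""
    patch = bytes(c ^ o ^ n for c, o, n in zip(record[offset:], old, new))
    return record[:offset] + patch + record[offset + len(patch):]

def run(protect: bool) -> list:
    """Deliver a record, then a replay and a modified copy; None means rejected."""
    sender, receiver = Endpoint(protect), Endpoint(protect)
    record = sender.seal(b"transfer to account 1111")
    seen = [receiver.open(record)]
    for candidate in (record, modify(record, 8 + 20, b"1111", b"9999")):
        try:
            seen.append(receiver.open(candidate))
        except ValueError:
            seen.append(None)
    return seen
```

`run(False)` shows the unprotected receiver accepting both the replayed record and the altered account number; `run(True)` shows both being rejected once the MAC covers the receiver's expected sequence number.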

Due to the vulnerabilities described above, the first version of Secure Socket Layer (SSL) was never released. Nevertheless, Netscape continued to work feverishly on its protocol to secure HTTP connections and released a new version in the same year (end of 1994): SSL – Version 2.0.

M.Sc. Moritz Gruber

Web applications are my specialty. I was able to build on my skills through my Offensive Security Certified Professional (OSCP) certification. In addition, I hold the further qualification as an Information Security Officer according to ISO 27001 (TÜV). I enjoy writing about these and other topics on the blog and in an academic context. My name is Moritz Gruber and I have been with AWARE7 GmbH since it was founded.