As an end user, what risk is there in browsing a public website that uses TLSv1?
Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:
- it's a publicly accessible website with no sensitive or private data
- it doesn't require user login, credentials or any other user data whatsoever.
So for all intents and purposes, assume the website is intended to be an http:// site, but has an SSL cert installed on it that's out of date by modern security standards.
And by safe, I mean they're not open to some type of exploit, other than MITM of course. By exploit here, I mean there's no way a bad SSL cert could be used to install malware on their machine in anyway, correct?
tls known-vulnerabilities
asked 13 hours ago
Brad ParksBrad Parks
20419
add a comment |
Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:
- it's a publicly accessible website with no sensitive or private data
- it doesn't require user login, credentials or any other user data whatsoever.
So for all intents and purposes, assume the website is intended to be an http:// site, but has an SSL cert installed on it that's out of date by modern security standards.
And by safe, I mean they're not open to some type of exploit, other than MITM of course. By exploit here, I mean there's no way a bad SSL cert could be used to install malware on their machine in anyway, correct?
tls known-vulnerabilities
asked 13 hours ago
Brad ParksBrad Parks
20419
"only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.
– Steffen Ullrich
3 hours ago
add a comment |
Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:
- it's a publicly accessible website with no sensitive or private data
- it doesn't require user login, credentials or any other user data whatsoever.
So for all intents and purposes, assume the website is intended to be an http:// site, but has an SSL cert installed on it that's out of date by modern security standards.
And by safe, I mean they're not open to some type of exploit, other than MITM of course. By exploit here, I mean there's no way a bad SSL cert could be used to install malware on their machine in anyway, correct?
tls known-vulnerabilities
asked 13 hours ago
Brad ParksBrad Parks
20419
Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:
- it's a publicly accessible website with no sensitive or private data
- it doesn't require user login, credentials or any other user data whatsoever.
So for all intents and purposes, assume the website is intended to be an http:// site, but has an SSL cert installed on it that's out of date by modern security standards.
And by safe, I mean they're not open to some type of exploit, other than MITM of course. By exploit here, I mean there's no way a bad SSL cert could be used to install malware on their machine in anyway, correct?
tls known-vulnerabilities
tls known-vulnerabilities
asked 13 hours ago
Brad ParksBrad Parks
20419
asked 13 hours ago
Brad ParksBrad Parks
20419
edited 13 hours ago
Brad Parks
asked 13 hours ago
Brad ParksBrad Parks
20419
asked 13 hours ago
Brad ParksBrad Parks
20419
asked 13 hours ago
Brad ParksBrad Parks
20419
20419
"only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.
– Steffen Ullrich
3 hours ago
add a comment |
"only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.
– Steffen Ullrich
3 hours ago
"only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.
– Steffen Ullrich
3 hours ago
"only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.
– Steffen Ullrich
3 hours ago
add a comment |
2 Answers
2
active
oldest
votes
There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.
On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.
answered 12 hours ago
Steffen UllrichSteffen Ullrich
114k13197264
7
OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.
– Philipp
8 hours ago
add a comment |
As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.
Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.
If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.
answered 13 hours ago
BristranBristran
812
Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.
– Will
2 hours ago
add a comment |
Your Answer
StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});
function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});
}
});
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f201429%2fas-an-end-user-what-risk-is-there-in-browsing-a-public-website-that-uses-tlsv1%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
2 Answers
2
active
oldest
votes
2 Answers
2
active
oldest
votes
active
oldest
votes
active
oldest
votes
There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.
On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.
answered 12 hours ago
Steffen UllrichSteffen Ullrich
114k13197264
7
OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.
– Philipp
8 hours ago
add a comment |
There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.
On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.
answered 12 hours ago
Steffen UllrichSteffen Ullrich
114k13197264
7
OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.
– Philipp
8 hours ago
add a comment |
There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.
On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.
answered 12 hours ago
Steffen UllrichSteffen Ullrich
114k13197264
There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.
On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.
answered 12 hours ago
Steffen UllrichSteffen Ullrich
114k13197264
answered 12 hours ago
Steffen UllrichSteffen Ullrich
114k13197264
answered 12 hours ago
Steffen UllrichSteffen Ullrich
114k13197264
answered 12 hours ago
Steffen UllrichSteffen Ullrich
114k13197264
114k13197264
7
OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.
– Philipp
8 hours ago
add a comment |
7
OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.
– Philipp
8 hours ago
7
7
OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.
– Philipp
8 hours ago
OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.
– Philipp
8 hours ago
add a comment |
As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.
Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.
If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.
answered 13 hours ago
BristranBristran
812
Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.
– Will
2 hours ago
add a comment |
As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.
Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.
If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.
answered 13 hours ago
BristranBristran
812
Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.
– Will
2 hours ago
add a comment |
As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.
Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.
If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.
answered 13 hours ago
BristranBristran
812
As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.
Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.
If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.
answered 13 hours ago
BristranBristran
812
answered 13 hours ago
BristranBristran
812
answered 13 hours ago
BristranBristran
812
answered 13 hours ago
BristranBristran
812
812
Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.
– Will
2 hours ago
add a comment |
Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.
– Will
2 hours ago
Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.
– Will
2 hours ago
Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.
– Will
2 hours ago
add a comment |
Thanks for contributing an answer to Information Security Stack Exchange!
- Please be sure to answer the question. Provide details and share your research!
But avoid …
- Asking for help, clarification, or responding to other answers.
- Making statements based on opinion; back them up with references or personal experience.
To learn more, see our tips on writing great answers.
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f201429%2fas-an-end-user-what-risk-is-there-in-browsing-a-public-website-that-uses-tlsv1%23new-answer', 'question_page');
}
);
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Sign up or log in
StackExchange.ready(function () {
StackExchange.helpers.onClickDraftSave('#login-link');
});
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
Required, but never shown
"only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.
– Steffen Ullrich
3 hours ago