← Week 1: Cryptographic Foundations

Day 1: SSL/TLS History and Threat Model

Phase 1 · May 14, 2026

Agenda (2–3 hours)

  • Read (45 min): RFC 8446 §1 Introduction; skim the Wikipedia SSL/TLS history timeline
  • Study (45 min): Key protocol versions and their fatal flaws
  • Practice (45 min): openssl s_client exploration
  • Challenge (30 min): Written exercise

Protocol Lineage

Version   Year   Status       Fatal Flaw
SSL 2.0   1995   Broken       DROWN, weak MAC
SSL 3.0   1996   Broken       POODLE (CBC padding)
TLS 1.0   1999   Deprecated   BEAST, POODLE
TLS 1.1   2006   Deprecated   Superseded
TLS 1.2   2008   Allowed      Misuse-prone cipher negotiation
TLS 1.3   2018   Current

RFC 8996 (2021) formally deprecates TLS 1.0 and 1.1.

TLS Threat Model

TLS is designed to defend against a network adversary who can:

  • Read all packets (passive eavesdropping)
  • Modify packets in transit (active MITM)
  • Inject new packets
  • Replay captured packets

TLS provides:

  • Confidentiality — traffic is encrypted
  • Integrity — tampering is detected
  • Authentication — at minimum, server identity is verified

What TLS 1.3 Fixed

  • Eliminated static RSA key exchange (no forward secrecy)
  • Eliminated CBC mode ciphers (padding oracle attacks)
  • Eliminated MD5/SHA-1 in signatures
  • Eliminated compression (CRIME attack)
  • Eliminated renegotiation (complex, attack surface)
  • Reduced handshake to 1-RTT (was 2-RTT)
  • Encrypted more of the handshake (ServerHello extensions are encrypted)

Practice Exercise

# Inspect a TLS 1.3 connection
# (</dev/null closes stdin so s_client exits once the handshake is done)
openssl s_client -connect google.com:443 -tls1_3 </dev/null

# Compare with TLS 1.2
openssl s_client -connect google.com:443 -tls1_2 </dev/null

# Show full handshake trace
openssl s_client -connect google.com:443 -msg </dev/null 2>&1 | head -60

Look for: Protocol: TLSv1.3, cipher suite, certificate chain depth.
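
As an added example (not part of the original course page), this shell function pulls those fields out of openssl s_client output and labels the version with the Status column from the Protocol Lineage table. The function names, the sample transcripts and their example.test names are constructed, and chain depth is assumed to mean the number of certificates listed in the "Certificate chain" block.

```shell
# Added example: summarise openssl s_client output read from stdin.
# Prints protocol|cipher|chain_depth|leaf_subject|status, exits 1 if no handshake.
tls_summary() {
    awk '
        # "New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384" (or "Reused, ...")
        /^(New|Reused), .*Cipher is / {
            proto = $2; sub(/,$/, "", proto); cipher = $NF
        }
        /^Certificate chain/ { in_chain = 1; next }
        /^---/               { in_chain = 0 }
        # One " N s:<subject>" line per certificate the server sent
        in_chain && /^ *[0-9]+ s:/ {
            depth++
            if (depth == 1) { leaf = $0; sub(/^ *[0-9]+ s:/, "", leaf) }
        }
        END {
            # A refused version shows up as "New, (NONE), Cipher is (NONE)"
            if (proto == "" || proto == "(NONE)") exit 1
            # Status labels follow the Protocol Lineage table on this page
            status = "Unknown"
            if (proto == "TLSv1.3") status = "Current"
            else if (proto == "TLSv1.2") status = "Allowed"
            else if (proto == "TLSv1.1" || proto == "TLSv1") status = "Deprecated"
            else if (proto ~ /^SSLv/) status = "Broken"
            printf "%s|%s|%d|%s|%s\n", proto, cipher, depth, leaf, status
        }
    '
}

# Constructed, abbreviated transcripts in the s_client layout (not real captures).
sample_tls13() {
    cat <<'EOF'
CONNECTED(00000003)
---
Certificate chain
 0 s:CN = www.example.test
   i:C = US, O = Example Trust, CN = Example Issuing CA
 1 s:C = US, O = Example Trust, CN = Example Issuing CA
   i:C = US, O = Example Trust, CN = Example Root CA
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
EOF
}
sample_refused() {
    printf '%s\n' 'CONNECTED(00000003)' '---' 'no peer certificate available' '---' 'New, (NONE), Cipher is (NONE)'
}

sample_tls13 | tls_summary
# Live use: openssl s_client -connect HOST:443 </dev/null 2>/dev/null | tls_summary
```

A non-zero exit when forcing -tls1_3 is itself a finding: the server did not complete a handshake at that version.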

Challenge Assignment

Using openssl s_client, find 3 websites that use TLS 1.2 and 3 that use TLS 1.3.

For each, record:

  1. Exact protocol version
  2. Cipher suite selected
  3. Certificate chain depth
  4. Server's certificate CN / SAN

Write 2–3 sentences on what you observe about which servers are still on TLS 1.2 and what types of organizations they tend to be.

Resources