15

What was SSL 1.0?

SSL 2.0 and 3.0 are well-known and well-documented. But what did the SSL 1.0 protocol look like? Wikipedia says there was a SSL 1.0 but doesn't say anything about how it worked. Why was SSL 1.0 superseded/replaced? Did it have security flaws? If so, what were they?

D.W.
  • 98,420
  • 30
  • 267
  • 572

4 Answers4

10

A quote from SSL and TLS: Theory and Practice - Rolf Oppliger says:

Netscape Communications started to develop the SSL protocol soon after the National Center for Supercomputing Applications (NCSA) released Mosaic 1.0--the first popular Web browser--in 1993. Eight months later, in the middle of 1994, Netscape Communications already completed the design for SSL version 1 (SSL 1.0). This version circulated only internally (i.e., inside Netscape Communications), since it had several shortcomings and flaws. For example, it didn't provide data integrity protection. In combination with the use of the stream cipher RC4 for data encryption, this allowed an adversary to make predictable changes to the plaintext messages. Also, SSL 1.0 did not use sequence numbers, so it was vulnerable to replay attacks. Later on, the designers of SSL 1.0 added sequence numbers and checksums, but still used an overly simple cyclic redundancy check (CRC) instead of a cryptographically strong hash function that is one-way and collision-resistant.

This and a few other problems had to be resolved, and at the end of 1994 Netscape Communications came up with SSL version 2 (SSL 2.0).

Community
  • 1
dr jimbob
  • 38,768
  • 8
  • 92
  • 161
  • Similar to Oracle v1 (https://en.wikipedia.org/wiki/Oracle_Database#History), which was also an internal version not generally released . – JoltColaOfEvil Sep 02 '13 at 11:23
5

Phillip Hallam-Baker has written:

The actual history of SSL was that SSL 1.0 was so bad that Alan Schiffman and myself broke it in ten minutes when Marc Andressen presented it at the MIT meeting.

http://www.metzdowd.com/pipermail/cryptography/2013-October/018041.html

No further details on what exactly the flaws were, though.

D.W.
  • 98,420
  • 30
  • 267
  • 572
1

SSL 1.0 -> around 1994 with Mosaic, got thrown into trash a year later for ssl 2.0. so ssl 1.0 was the first draft, without any RFCs, very Mosaic-Centric.

that guy from over there
  • 3,476
  • 17
  • 26
  • 2
    Yes, that's the part of Wikipedia I alluded to in my question. Unfortunately those links don't seem to answer any of the questions in my question, so I'm still curious what specifically was different or wrong about SSL 1.0. – D.W. Sep 02 '13 at 06:11
-2

Unfortunately SSLv1 is not dead yet. OpenSSL still supports v1 for root certs, e.g. in crypto/x509v3/v3_purp.c. Warning, scary comment ahead!

static int check_ca(const X509 *x)
{
        /* keyUsage if present should allow cert signing */
        if(ku_reject(x, KU_KEY_CERT_SIGN)) return 0;
        if(x->ex_flags & EXFLAG_BCONS) {
                if(x->ex_flags & EXFLAG_CA) return 1;
                /* If basicConstraints says not a CA then say so */
                else return 0;
        } else {
                /* we support V1 roots for...  uh, I don't really know why. */
                if((x->ex_flags & V1_ROOT) == V1_ROOT) return 3;
                /* If key usage present it must have certSign so tolerate it */
                else if (x->ex_flags & EXFLAG_KUSAGE) return 4;
                /* Older certificates could have Netscape-specific CA types */
                else if (x->ex_flags & EXFLAG_NSCERT
                         && x->ex_nscert & NS_ANY_CA) return 5;
                /* can this still be regarded a CA certificate?  I doubt it */
                return 0;
        }
}
Christian Heimes
  • 147
  • 2