Revisiting SSL: A Large Scale Study of the Internet's Most Trusted Protocol

Title: Revisiting SSL: A Large Scale Study of the Internet's Most Trusted Protocol
Publication Type: Technical Report
Year of Publication: 2012
Authors: Amann, J., Vallentin, M., Hall, S., & Sommer, R.
Other Numbers: 3378
Abstract

Much of the Internet's end-to-end security relies on the SSL protocol along with its underlying certificate infrastructure. We offer an in-depth study of real-world SSL and X.509 deployment characteristics from an unprecedented vantage point, based on a data set of more than 1.4 billion SSL sessions collected at the border of five operational sites. Our contributions are two-fold: First, we revisit results from past work with a recent data set that allows us to reassess previous findings and identify recent trends. Second, we provide a detailed study on a range of further SSL/X.509 deployment properties that have not yet seen the attention they deserve, including the intricate web of intermediate certificate authority (CA) relationships, characteristics of SSL session reuse, usage of vendor-specific protocol extensions, and non-standard CA root hierarchies. While in general we find that today's SSL deployment functions well, we also identify new support for the inherent weaknesses of the system. Along the way, we gain deep insight into specifics and oddities of SSL/X.509 usage, including a surprising difficulty of aligning certificate validation with what typical browsers do.

Acknowledgment

This work was partially funded by the Deutscher Akademischer Austausch Dienst (DAAD) through a postdoctoral fellowship.

URL: http://www.icsi.berkeley.edu/pubs/techreports/ICSI_TR-12-015.pdf
Bibliographic Notes

ICSI Technical Report TR-12-015

Abbreviated Authors

J. Amann, M. Vallentin, S. Hall, and R. Sommer

ICSI Research Group

Networking and Security

ICSI Publication Type

Technical Report