As an end user, what risk is there in browsing a public website that uses TLSv1?












18















Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:




  • it's a publicly accessible website with no sensitive or private data

  • it doesn't require user login, credentials or any other user data whatsoever.


So for all intents and purposes, assume the website is intended to be an http:// site, but has an SSL cert installed on it that's out of date by modern security standards.



And by safe, I mean they're not open to some type of exploit, other than MITM of course. By exploit here, I mean there's no way a bad SSL cert could be used to install malware on their machine in anyway, correct?










share|improve this question




















  • 1





    "only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.

    – Steffen Ullrich
    2 days ago
















18















Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:




  • it's a publicly accessible website with no sensitive or private data

  • it doesn't require user login, credentials or any other user data whatsoever.


So for all intents and purposes, assume the website is intended to be an http:// site, but has an SSL cert installed on it that's out of date by modern security standards.



And by safe, I mean they're not open to some type of exploit, other than MITM of course. By exploit here, I mean there's no way a bad SSL cert could be used to install malware on their machine in anyway, correct?










share|improve this question




















  • 1





    "only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.

    – Steffen Ullrich
    2 days ago














18












18








18


1






Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:




  • it's a publicly accessible website with no sensitive or private data

  • it doesn't require user login, credentials or any other user data whatsoever.


So for all intents and purposes, assume the website is intended to be an http:// site, but has an SSL cert installed on it that's out of date by modern security standards.



And by safe, I mean they're not open to some type of exploit, other than MITM of course. By exploit here, I mean there's no way a bad SSL cert could be used to install malware on their machine in anyway, correct?










share|improve this question
















Is it safe for an end user to browse a website that only supports TLSv1 (or other insecure ciphers or protocols), given the following:




  • it's a publicly accessible website with no sensitive or private data

  • it doesn't require user login, credentials or any other user data whatsoever.


So for all intents and purposes, assume the website is intended to be an http:// site, but has an SSL cert installed on it that's out of date by modern security standards.



And by safe, I mean they're not open to some type of exploit, other than MITM of course. By exploit here, I mean there's no way a bad SSL cert could be used to install malware on their machine in anyway, correct?







tls known-vulnerabilities






share|improve this question















share|improve this question













share|improve this question




share|improve this question








edited 2 days ago







Brad Parks

















asked 2 days ago









Brad ParksBrad Parks

25429




25429








  • 1





    "only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.

    – Steffen Ullrich
    2 days ago














  • 1





    "only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.

    – Steffen Ullrich
    2 days ago








1




1





"only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.

– Steffen Ullrich
2 days ago





"only supports TLSv1 ... but has an SSL cert installed on it that's out of date by modern security standards." - The SSL certificate has (almost) nothing to do with the TLS protocol version, i.e. the same certificate can be used with TLS 1.0 and TLS 1.2. "...or other insecure ciphers or protocols ..." - similarly, ciphers have not much to do with protocols too. While there are some ciphers introduced with TLS 1.2 the ciphers available for TLS 1.0 are also available for use with TLS 1.2. It is a bit different with TLS 1.3 though.

– Steffen Ullrich
2 days ago










2 Answers
2






active

oldest

votes


















27














There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.



On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.






share|improve this answer



















  • 11





    OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.

    – Philipp
    2 days ago





















4














As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.



Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.



If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.






share|improve this answer



















  • 3





    Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.

    – Will
    2 days ago











  • My other use cases is for a web crawler that I'd like to be able to crawl any websites at all, regardless of the robustness of the certificate that's there. I didn't think there'd be any exploit that would affect the crawler, but wanted to double check the thinking, since there is a negotiation, and a payload of sorts is sent back to the client. So that's why MITM isn't really a concern, for this use case at least, which I do realize is not the main question at hand ;-)

    – Brad Parks
    13 hours ago











Your Answer








StackExchange.ready(function() {
var channelOptions = {
tags: "".split(" "),
id: "162"
};
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function() {
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled) {
StackExchange.using("snippets", function() {
createEditor();
});
}
else {
createEditor();
}
});

function createEditor() {
StackExchange.prepareEditor({
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: false,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: null,
bindNavPrevention: true,
postfix: "",
imageUploader: {
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
},
noCode: true, onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
});


}
});














draft saved

draft discarded


















StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f201429%2fas-an-end-user-what-risk-is-there-in-browsing-a-public-website-that-uses-tlsv1%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown

























2 Answers
2






active

oldest

votes








2 Answers
2






active

oldest

votes









active

oldest

votes






active

oldest

votes









27














There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.



On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.






share|improve this answer



















  • 11





    OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.

    – Philipp
    2 days ago


















27














There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.



On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.






share|improve this answer



















  • 11





    OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.

    – Philipp
    2 days ago
















27












27








27







There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.



On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.






share|improve this answer













There is currently no real risk just based on the TLS protocol version for the end user when visiting a site which provides only TLS 1.0 (TLSv1) with a modern browser, i.e. a current version of Chrome, Firefox, Edge or chromium based browsers like Opera. Fortunately browser vendors today actually care about security and if TLS 1.0 would be too insecure it would be switched off or be restricted to only some white-listed sites or only for use with some ciphers.



On the other hand: if a site is still offering only TLS 1.0 you might ask yourself how their relation to security is in general. While there might be some sites which knowingly support only TLS 1.0 it is more likely that they use some old systems or setups which is not able to support TLS 1.2 yet. Given that the most commonly used server-side SSL stack OpenSSL has support of TLS 1.2 since version 1.0.1 released in 2012 and that even OpenSSL 1.0.1 is out of support since some time, it is not unlikely that the owners of the site don't really care about security and that the rest of their infrastructure is outdated too. And that should worry you, not the use of TLS 1.0 by itself.







share|improve this answer












share|improve this answer



share|improve this answer










answered 2 days ago









Steffen UllrichSteffen Ullrich

114k13199264




114k13199264








  • 11





    OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.

    – Philipp
    2 days ago
















  • 11





    OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.

    – Philipp
    2 days ago










11




11





OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.

– Philipp
2 days ago







OpenSSL 1.0.1 was the version with the infamous heartbleed bug. When the bug was discovered, some people might have opted to downgrade to the last good version (1.0.0) instead of applying the not yet thoroughly tested patch. Makes you wonder, though, how they never bothered to replace that temporary crutch and return to the most recent version.

– Philipp
2 days ago















4














As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.



Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.



If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.






share|improve this answer



















  • 3





    Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.

    – Will
    2 days ago











  • My other use cases is for a web crawler that I'd like to be able to crawl any websites at all, regardless of the robustness of the certificate that's there. I didn't think there'd be any exploit that would affect the crawler, but wanted to double check the thinking, since there is a negotiation, and a payload of sorts is sent back to the client. So that's why MITM isn't really a concern, for this use case at least, which I do realize is not the main question at hand ;-)

    – Brad Parks
    13 hours ago
















4














As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.



Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.



If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.






share|improve this answer



















  • 3





    Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.

    – Will
    2 days ago











  • My other use cases is for a web crawler that I'd like to be able to crawl any websites at all, regardless of the robustness of the certificate that's there. I didn't think there'd be any exploit that would affect the crawler, but wanted to double check the thinking, since there is a negotiation, and a payload of sorts is sent back to the client. So that's why MITM isn't really a concern, for this use case at least, which I do realize is not the main question at hand ;-)

    – Brad Parks
    13 hours ago














4












4








4







As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.



Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.



If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.






share|improve this answer













As an end user, probably nothing. The very stage where you are at the communication sequence of a TLS transaction makes it so you are not really vulnerable to anything other than MITM.



Most of the discovered vulnerabilities discovered on the protocol and it's implementation itself, on the other hand, may impact the server responsible for hosting it. Even then, TLSv1 is not nearly as problematic as the older brother, SSL.



If we ever achieve RCE on the SSL/TLS communication phase, we are in serious problems.







share|improve this answer












share|improve this answer



share|improve this answer










answered 2 days ago









BristranBristran

912




912








  • 3





    Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.

    – Will
    2 days ago











  • My other use cases is for a web crawler that I'd like to be able to crawl any websites at all, regardless of the robustness of the certificate that's there. I didn't think there'd be any exploit that would affect the crawler, but wanted to double check the thinking, since there is a negotiation, and a payload of sorts is sent back to the client. So that's why MITM isn't really a concern, for this use case at least, which I do realize is not the main question at hand ;-)

    – Brad Parks
    13 hours ago














  • 3





    Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.

    – Will
    2 days ago











  • My other use cases is for a web crawler that I'd like to be able to crawl any websites at all, regardless of the robustness of the certificate that's there. I didn't think there'd be any exploit that would affect the crawler, but wanted to double check the thinking, since there is a negotiation, and a payload of sorts is sent back to the client. So that's why MITM isn't really a concern, for this use case at least, which I do realize is not the main question at hand ;-)

    – Brad Parks
    13 hours ago








3




3





Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.

– Will
2 days ago





Not really vulnerable to anything other than MITM??? In most/many cases that would be a fatal security breakdown.

– Will
2 days ago













My other use cases is for a web crawler that I'd like to be able to crawl any websites at all, regardless of the robustness of the certificate that's there. I didn't think there'd be any exploit that would affect the crawler, but wanted to double check the thinking, since there is a negotiation, and a payload of sorts is sent back to the client. So that's why MITM isn't really a concern, for this use case at least, which I do realize is not the main question at hand ;-)

– Brad Parks
13 hours ago





My other use cases is for a web crawler that I'd like to be able to crawl any websites at all, regardless of the robustness of the certificate that's there. I didn't think there'd be any exploit that would affect the crawler, but wanted to double check the thinking, since there is a negotiation, and a payload of sorts is sent back to the client. So that's why MITM isn't really a concern, for this use case at least, which I do realize is not the main question at hand ;-)

– Brad Parks
13 hours ago


















draft saved

draft discarded




















































Thanks for contributing an answer to Information Security Stack Exchange!


  • Please be sure to answer the question. Provide details and share your research!

But avoid



  • Asking for help, clarification, or responding to other answers.

  • Making statements based on opinion; back them up with references or personal experience.


To learn more, see our tips on writing great answers.




draft saved


draft discarded














StackExchange.ready(
function () {
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsecurity.stackexchange.com%2fquestions%2f201429%2fas-an-end-user-what-risk-is-there-in-browsing-a-public-website-that-uses-tlsv1%23new-answer', 'question_page');
}
);

Post as a guest















Required, but never shown





















































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown

































Required, but never shown














Required, but never shown












Required, but never shown







Required, but never shown







Popular posts from this blog

"Incorrect syntax near the keyword 'ON'. (on update cascade, on delete cascade,)

Alcedinidae

Origin of the phrase “under your belt”?