Comment by mcpherrinm 21 hours ago

The main difference is in the padding. When the POODLE attack was pre-announced as only affecting SSL3 and not TLS1.0, that was enough to predict it was going to be a padding oracle.

I think it’s fair to say they’re very similar, with a few “bug fixes”. It’s been a while since I’ve thought about either though, and might be forgetting a few things. I’ve only ever implemented SSL3 and TLS1.0 together, so there may be some details I’m forgetting.

nextgens 17 hours ago

TLS1.0 introduced modularity via the concept of "extensions". It's everything but a minor evolution of the protocol.