SSL/TLS attacks: Analysis and evaluation

The Secure Socket Layer /Transport Layer Security (SSL/TLS) provides data confidentiality, integrity and authenticity between two communicating applications. There are many attacks appeared in different versions of SSL/TLS based on vulnerabilities related to the protocol structure and its implementation. This paper presents an analysis and evaluation of some theoretical and practical attacks on SSL/TLS, and divides them to two categories: attacks on Handshake protocol and attack on Record protocol. We evaluate each category based on specific criteria that selected to the current state of the art, such as: Weakness, which identifies the vulnerability of the system, Effect, which identifies the attacker harm the system, and Limitation, to identify the current countermeasures weaknesses.