STARTTLS considered harmful

Post Syndicated from original https://lwn.net/Articles/866481/rss

The use of Transport Layer Security (TLS) encryption is ubiquitous on today’s internet, though that has largely happened over the last 20 years or so; the first public version of its predecessor, Secure Sockets Layer (SSL), appeared in 1995. Before then, internet protocols were generally not encrypted, thus providing fertile ground for various types of “meddler-in-the-middle” (MitM) attacks. Later on, the STARTTLS command was added to some protocols as a backward-compatible way to add TLS support, but the mechanism has suffered from a number of flaws and vulnerabilities over the years. Some recent research, going by the name “NO STARTTLS”, describes more, similar vulnerabilities and concludes that it is probably time to avoid using STARTTLS altogether.