Consider the following statement:
The secure socket layer (SSL) protocol allows for secure communication between a client and a server.
There are known flaws in the SSLv2 protocol. A man-in-the-middle attacker can force the communication to a less secure level and then attempt to break the encryption. The attacker can also truncate encrypted messages.
These flaws have been fixed in SSLv3 (TLSv1). Most servers and clients support both SSLv2 and SSLv3. However, SSLv2 is enabled by default for backward compatibility.
Answer the following questions:
a) Find out the impact in the above statement.
b) What is the solution?
c) Do you think SSLv3 is more secure? Justify your answer.