SSL/TLS Timeline
Mid 1994
Original SSL protocol was developed at Netscape but due to its security flaws version 1.0 was never released.
November 1994
Netscape develops SSL v2, an encryption protocol designed to support the Web as a hot new commerce platform. This first secure protocol version ships in Netscape Navigator 1.1 in March 1995.
November 1995
SSL v2 is shot down because of serious security issues. Consequently, Netscape scrambles to release SSL v3. This protocol seems good enough for now and the golden era of the Web begins. The specification is eventually published, for historical reference, as RFC 6101.
January 1999
In 1996, an IETF working group is formed to standardise SSL. Even though the resulting protocol is almost identical to SSL v3, the process takes three years; TLS v1.0 is published as RFC 2246. Microsoft forces the change of the protocol name to Transport Layer Security (TLS), creating confusion that continues to this day.
August 2008
TLS 1.2 is published as RFC 5246 (TLS 1.1 had appeared as RFC 4346 in April 2006), although hardly anyone notices. Its major new feature is support for authenticated encryption with associated data (AEAD) cipher suites, which make it possible to avoid both stream ciphers such as RC4 and the MAC-then-encrypt CBC construction that later attacks exploit.
December 2008
A group of researchers led by Alex Sotirov and Marc Stevens exploit MD5 weaknesses to trick RapidSSL into effectively giving them their own CA certificate, which they could use to issue certificates for any web site in the world. To prevent abuse they set the rogue certificate's validity period in the past, so that it had already expired. MD5 is promptly retired for certificate signatures. Full collisions in MD5 had been discovered several years earlier, in 2004, but most of the world ignored the finding, eventually prompting the researchers to take action.
February 2009
Moxie Marlinspike releases sslstrip, a MITM tool that keeps the victim's side of the connection in plaintext HTTP (rewriting https:// links and redirects) while talking HTTPS to the server, demonstrating that encryption can be bypassed by tricking end users into believing they are safe.
August 2009
Marsh Ray discovers that, via renegotiation, one TCP connection can be used for two separate TLS channels. Critically, from the server's perspective there is only one data stream, so abuses are possible when one stream belongs to the attacker and the other to the victim. The fix, a renegotiation indication extension, is later published as RFC 5746.
August 2009
At the Black Hat conference in the US, Dan Kaminsky and Moxie Marlinspike independently demonstrate silent MITM attacks made possible by incorrect handling of the NUL byte in certificate names by the major SSL/TLS stacks.
March 2011
The IETF formally prohibits SSL v2 by publishing RFC 6176. According to reports, 54% of HTTPS servers still supported this obsolete protocol version in 2011.
March 2011
A registration authority of the CA Comodo is compromised and nine fraudulent certificates for high-profile domains (Google, Yahoo, Skype and others) are issued. Responsibility is claimed by "Comodohacker", who describes himself as an Iranian student and who later that year also claims the breach of the Dutch CA DigiNotar, which is forced to halt issuance and ultimately goes out of business.
September 2011
The BEAST attack is released to exploit predictable IVs in TLS 1.0 CBC suites. Even though this problem had been fixed in TLS 1.1 (2006) and TLS 1.2 (2008), virtually no one uses the newer protocol versions. Browsers will take about two more years to deploy TLS 1.2, and servers many years longer; in the meantime there is no choice but to rely on browser counter-measures (1/n-1 record splitting). BEAST is the first attack to show how rich browser functionality can be abused to attack cryptography from multiple vantage points; many similar attacks will follow.
November 2011
In a major improvement, Google deploys forward secrecy, making sure that a private key compromise can't be used to retroactively decrypt captured traffic.
May 2012
The Iranian CERT (MAHER) discloses the existence of Flame, malware used in targeted cyber attacks against Iran. Flame is possibly the first cyberweapon, and may have been operating as early as 2007. In a stunning turn of events, it transpires that Flame used an MD5 chosen-prefix collision of its own to forge a certificate chaining to a Microsoft root, which let it sign code as if it came from Microsoft.
August 2012
As CPU power continues to increase, low-strength private keys come under threat. Microsoft updates Windows (KB2661254) to block RSA keys shorter than 1024 bits.
September 2012
Duong and Rizzo strike again with CRIME, a working exploit against TLS compression, just when some browsers begin to support it: the attacker injects guesses into a request and learns from the compressed size whether they match the secret. The offending functionality is quickly rolled back.
February 2013
AlFardan and Paterson publish Lucky 13, their attack on CBC suites. TLS's CBC construction authenticates the plaintext and then encrypts (MAC-then-encrypt), so the receiver must strip the padding before it can check the MAC; small timing differences in how bad padding is handled give the attacker a padding oracle.
March 2013
New attacks against RC4 are published (AlFardan, Bernstein, Paterson, Poettering and Schuldt). Previously it was thought that RC4's keystream biases don't affect TLS much, but that is shown to be wrong. This research marks the beginning of the end for RC4, although it will take a couple of years before it is actually removed.
March 2013
Google launches Certificate Transparency (CT), a long-term effort to keep a public, append-only record of all publicly trusted certificates (later specified in RFC 6962).
March 2013
Tal Be'ery and Amichai Shulman present TIME, which, like CRIME, abuses the fact that HTTP compression happens before encryption, but measures the compressed size through timing instead of by observing ciphertext lengths.
May 2013
Edward Snowden releases thousands of classified NSA documents to selected journalists, changing the public's perspective of the Internet forever. We eventually realise the extent of passive monitoring of plaintext communication.
August 2013
The BREACH attack also exploits HTTP compression applied before encryption, this time targeting response bodies. It is released with a PoC tool that retrieves CSRF tokens from real sites in less than a minute. Although not easy to exploit, compression before encryption remains a real problem for all web applications.
August 2013
Although TLS 1.2 seems good enough for now, it's clear that it can't support the next few decades of Internet evolution. Thus, work on the next-generation encryption protocol begins.
October 2013
After a long time, a second AEAD construction is introduced to the ecosystem when Google starts to use ChaCha20-Poly1305 TLS suites. These suites will later be standardised for everyone to deploy (RFC 7905).
March 2014
New research called the Triple Handshake Attack is published and renegotiation in TLS needs to be fixed again, this time by binding the master secret to the full handshake (the extended master secret extension, RFC 7627). The attack is quite elegant but doesn't have much practical impact.
April 2014
A critical vulnerability in OpenSSL, a very widely used TLS library, is disclosed. Heartbleed lets an attacker read chunks of process memory from vulnerable servers (and clients), often resulting in private key compromise. Because of the tremendous attention the bug receives, most public servers fix the vulnerability practically overnight, although a long tail of vulnerable devices remains. Heartbleed's biggest contribution is showing the world how severely underfunded the OpenSSL project had been since it forked from SSLeay in 1998. In the following months large organisations start contributing to the project and a big cleanup begins.
August 2014
Christopher Meyer et al. present new research applying the Bleichenbacher padding-oracle attack from 1998 to modern TLS stacks, finding new side channels in several implementations.
September 2014
BERserk is an RSA signature forgery attack caused by incorrect parsing of the ASN.1 in PKCS#1 v1.5 signatures in Mozilla NSS. It's a modern instance of Bleichenbacher's 2006 low-exponent signature forgery.
October 2014
It is discovered that SSL v3 has no real defence against padding oracle attacks: its CBC padding is unstructured and only the pad-length byte is checked, so an attacker who can manipulate ciphertext learns one plaintext byte per 256 tries on average. Fortunately, the attack is not that easy to carry out and most of the world can use better protocols. Most sites realise they can turn off this older protocol version without anyone noticing. In response to POODLE, browsers stop falling back to SSL v3 on TLS connection failure.
December 2014
Shortly thereafter, it is discovered that even though TLS 1.0 does have built-in defences against padding oracle attacks (every padding byte must be checked), some implementations don't implement them correctly. This new problem is named POODLE TLS. The discovery shines light on the fact that most protocol implementations aren't tested under adversarial conditions.
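A toy reconstruction of the padding oracle described in the two POODLE entries above, added here as an illustration and not code from the original timeline. The 64-bit block cipher is a toy Feistel network over HMAC-SHA256 standing in for 3DES, the MAC is a truncated HMAC-SHA256 and the secret cookie is constructed sample data; only the padding rules are faithful to the protocols (SSL 3.0 checks just the pad-length byte, TLS 1.0 checks every pad byte). In "ssl3" mode the attacker recovers the secret one byte per roughly 256 forged records; in "tls" mode the same forgeries are always rejected.

```python
# Toy POODLE (added illustration, not code from the page). A toy Feistel block
# cipher stands in for 3DES; only the SSL 3.0 / TLS 1.0 padding rules are faithful.
import hashlib
import hmac
import random

BLOCK = 8                 # 64-bit blocks, like the 3DES-CBC suites SSL 3.0 used
MAC_LEN = 16
SECRET = b"sid=ab12cd"    # constructed sample secret (e.g. a session cookie)


def _xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key, rnd, half):   # toy Feistel round function (assumption: not 3DES)
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:4]


def encrypt_block(key, block):
    l, r = block[:4], block[4:]
    for i in range(8):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l


def decrypt_block(key, block):
    l, r = block[:4], block[4:]
    for i in reversed(range(8)):
        l, r = r, _xor(l, _f(key, i, r))
    return r + l


def cbc_encrypt(key, iv, pt):
    out, prev = [], iv
    for i in range(0, len(pt), BLOCK):
        prev = encrypt_block(key, _xor(pt[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key, iv, ct):
    out, prev = [], iv
    for i in range(0, len(ct), BLOCK):
        out.append(_xor(decrypt_block(key, ct[i:i + BLOCK]), prev))
        prev = ct[i:i + BLOCK]
    return b"".join(out)


def mac(mac_key, data):
    return hmac.new(mac_key, data, hashlib.sha256).digest()[:MAC_LEN]


def seal(key, mac_key, iv, data, version, rng):
    """Record = data || MAC || padding || pad-length byte, CBC-encrypted (MAC-then-encrypt)."""
    body = data + mac(mac_key, data)
    padlen = (BLOCK - 1) - len(body) % BLOCK          # pad bytes before the length byte
    if version == "ssl3":
        fill = bytes(rng.randrange(256) for _ in range(padlen))   # SSL 3.0: arbitrary bytes
    else:
        fill = bytes([padlen]) * padlen                           # TLS 1.0: each byte == padlen
    return cbc_encrypt(key, iv, body + fill + bytes([padlen]))


def server_accepts(key, mac_key, iv, ct, version):
    """The oracle: does the record decrypt to acceptable padding and a valid MAC?"""
    pt = cbc_decrypt(key, iv, ct)
    padlen = pt[-1]
    if padlen + 1 + MAC_LEN > len(pt):
        return False
    if version == "ssl3":
        if padlen >= BLOCK:                                  # SSL 3.0: only the length is checked
            return False
    elif any(b != padlen for b in pt[-(padlen + 1):]):       # TLS 1.0: every pad byte is checked
        return False
    body = pt[:len(pt) - padlen - 1]
    return hmac.compare_digest(body[-MAC_LEN:], mac(mac_key, body[:-MAC_LEN]))


def poodle_recover_byte(version, j, max_attempts=4096, seed=1):
    """Recover SECRET[j]. The attacker controls the request's prefix and suffix lengths
    (as POODLE does through browser JavaScript), so it can put SECRET[j] at the last
    position of some block i and make the record end in a full block of padding. It then
    replaces the final ciphertext block with C_i and asks the server whether it accepts."""
    rng = random.Random(seed)
    key, mac_key = b"toy-cipher-key", b"toy-mac-key"
    prefix_len = (BLOCK - 1 - j) % BLOCK                 # SECRET[j] lands on byte 7 of a block
    i = (prefix_len + j) // BLOCK                        # index of that block
    suffix_len = (-(prefix_len + len(SECRET) + MAC_LEN)) % BLOCK   # forces a full padding block
    data = b"A" * prefix_len + SECRET + b"B" * suffix_len
    for attempt in range(1, max_attempts + 1):
        iv = bytes(rng.randrange(256) for _ in range(BLOCK))      # fresh IV for each record
        ct = seal(key, mac_key, iv, data, version, rng)
        forged = ct[:-BLOCK] + ct[i * BLOCK:(i + 1) * BLOCK]     # last block := C_i
        if server_accepts(key, mac_key, iv, forged, version):
            # Accepted, so (D(C_i) xor C_{n-1})[7] == 7, and D(C_i) == P_i xor C_{i-1}.
            c_prev_i = iv if i == 0 else ct[(i - 1) * BLOCK:i * BLOCK]
            c_prev_n = ct[-2 * BLOCK:-BLOCK]
            return (BLOCK - 1) ^ c_prev_i[-1] ^ c_prev_n[-1], attempt
    return None, max_attempts


def recover_secret(version="ssl3", max_attempts=4096):
    """Whole secret, one byte at a time; None if the oracle never talks (TLS 1.0 rules)."""
    out = bytearray()
    for j in range(len(SECRET)):
        b, _ = poodle_recover_byte(version, j, max_attempts)
        if b is None:
            return None
        out.append(b)
    return bytes(out)


if __name__ == "__main__":
    print("SSL 3.0 padding rules:", recover_secret("ssl3"))
    print("TLS 1.0 padding rules:", recover_secret("tls", max_attempts=512))
```

The only difference between the two modes is the `server_accepts` padding check, which is exactly the difference between SSL 3.0 and a correct TLS 1.0 implementation; POODLE TLS is the case of a TLS stack that behaves like the "ssl3" branch anyway.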
February 2015
The IETF publishes RFC 7465 to formally prohibit the use of the weak but ever-popular RC4 cipher in TLS.
March 2015
SMACK is an acronym for State Machine AttaCKs. The research targets weaknesses in the implementations of the TLS state machine in various libraries, which accept handshake messages out of order or allow messages to be skipped altogether.
March 2015
The researchers behind the FREAK attack disclose that many client TLS implementations accept an export-grade (512-bit) RSA key even when they did not negotiate an export suite, so a MITM can downgrade a connection to any server that still supports RSA export cipher suites and break the key offline. Initially it was thought that the problem existed only in OpenSSL, but Schannel and Secure Transport were later found to be vulnerable too.
April 2015
After many years of discussion, RFC 7469 is released to enable any site to use HTTP Public Key Pinning (HPKP) to protect itself from fraudulently issued certificates.
April 2015
A defence against protocol downgrade attacks, the TLS_FALLBACK_SCSV signalling cipher suite value, is published as RFC 7507. Reactions are mixed: Chrome and Firefox decide to support it, but Microsoft doesn't like the idea.
May 2015
Logjam is an attack against the weak Diffie-Hellman key exchange still offered by some servers. In essence, an active network attacker forces the use of a DHE_EXPORT suite with a 512-bit group and then breaks the connection in real time, which is feasible because a one-off precomputation covers the small number of widely shared groups.
June 2015
After POODLE, the IETF deprecates SSL v3 in RFC 7568.
July 2015
In two blog posts, titled "There are more POODLEs in the forest" and "The POODLE has friends", researcher and TLS developer Yngve Nysæter Pettersen publishes the results of his research into TLS implementation problems similar to the POODLE attack.
January 2016
The Crypto Forum Research Group (CFRG) releases RFC 7748 to standardise two new elliptic curves, Curve25519 and Curve448. These curves are not only modern and forward-looking but also help those who are not comfortable relying on the controversial NIST curves.
January 2016
Researchers from INRIA demonstrate SLOTH (Security Losses from Obsolete and Truncated Transcript Hashes, CVE-2015-7575), which exploits the fact that many clients and servers continue to support RSA-MD5 signatures, even though they are now considered insecure.
February 2016
Previous versions of SSL and TLS were either rushed (SSL v2 and SSL v3) or maintenance efforts (TLS v1.0 to v1.2). With TLS v1.3, the working group takes a different approach: after more than two years of development, a workshop (TRON) is held to carefully analyse the new design.
June 2016
In an important step to show the world that RC4 and SSLv3 are no longer needed, Google switches off these obsolete encryption features.
July 2016
Citing the complexity of its infrastructure as the reason for the delay, Google finally announces that HSTS is enabled on www.google.com.
August 2016
A new attack called Sweet32 shows that ciphers with 64-bit blocks are a practical problem: by the birthday bound, CBC ciphertext blocks start to collide after about 2^32 blocks (32 GB) on a single connection, and each collision leaks plaintext. 3DES and Blowfish (then the default in OpenVPN) are affected.
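The birthday bound behind Sweet32, worked through here as an added illustration (not part of the original timeline). In CBC mode each ciphertext block is $C_i = E_K(P_i \oplus C_{i-1})$, so for a $b$-bit block cipher two blocks of one keyed stream collide with probability roughly

$$\Pr[\exists\, i \neq j : C_i = C_j] \approx \frac{n^2}{2^{b+1}}$$

after $n$ blocks. A collision $C_i = C_j$ leaks plaintext, because then $P_i \oplus C_{i-1} = P_j \oplus C_{j-1}$, i.e. $P_i \oplus P_j = C_{i-1} \oplus C_{j-1}$, with the right-hand side known to the eavesdropper. For $b = 64$ (3DES, Blowfish) the probability reaches $1/2$ at $n = 2^{32}$ blocks, which is $2^{32} \cdot 8$ bytes $= 32$ GiB on a single long-lived connection; for $b = 128$ (AES) the same point is $n = 2^{64}$ blocks, or $2^{68}$ bytes (256 EiB), which is out of reach. This is why the fix is to drop 64-bit block ciphers, or rekey well before $2^{32}$ blocks, rather than to pick a different mode.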
October 2016
Mozilla announced that more than 50% of their page loads are now delivered over HTTPS.
April 2018
From April 2018, Chrome requires that all newly issued publicly trusted certificates be logged in Certificate Transparency.
July 2018
From July 2018, PCI DSS-compliant merchants must no longer support TLS 1.0. Originally this deadline was set for July 2016, but that proved unrealistic because too many users relied on obsolete clients that don't support modern protocols.
August 2018
On March 21st, 2018, TLS 1.3 is approved by the IETF after 28 drafts, and in August 2018 the final specification is published as RFC 8446. Compared with TLS 1.2 it removes the legacy key exchange and cipher constructions (only AEAD suites and (EC)DHE key exchange remain), encrypts most of the handshake and completes it in one round trip.
October 2018
Firefox 63 and Chrome 70 ship with the final version of TLS 1.3 for outgoing connections.
February 2019
Ronen et al. publish "The 9 Lives of Bleichenbacher's CAT", showing that Bleichenbacher's 1998 RSA padding-oracle attack still works against many TLS implementations: the attack leverages a side-channel leak via cache access timings in those implementations to break TLS's RSA key exchange.
February 2020
Let's Encrypt has issued over a billion certificates since its inception; the billionth is issued on February 27th, 2020.
February 2020
The Washington Post reports how the CIA (together with West German intelligence) secretly owned Crypto AG, a Swiss maker of encryption machines, and used it to compromise the communications of many governments for decades. https://www.washingtonpost.com/graphics/2020/world/national-security/cia-crypto-encryption-machines-espionage/
March 2020
From March 2020 (Firefox 74), Mozilla Firefox disables TLS 1.0 and 1.1 by default and requires user intervention to connect to web sites that offer nothing newer, as part of the coordinated browser deprecation of these versions announced in October 2018.
September 2020
On September 3rd, 2020, Let's Encrypt issues six new certificates: one root (ISRG Root X2, ECDSA), four intermediates (R3, R4, E1 and E2) and one cross-sign. The new hierarchy is part of Let's Encrypt's larger plan to improve privacy on the web by making ECDSA end-entity certificates widely available and by making certificates smaller.
December 2020
DigiCert IoT Device Manager now enables manufacturers to embed certificates on chips at manufacturing time and to generate certificate requests directly from an edge device.
December 2020
Let's Encrypt announces a way for older Android devices to keep trusting its certificates after the DST Root CA X3 cross-sign of ISRG Root X1 expires: IdenTrust agrees to a new cross-sign whose validity extends past DST Root CA X3's own expiry, which works because Android does not enforce the expiry of roots in its trust store.
March 2021
The Internet Engineering Task Force has published RFC 8996, which formally deprecates Transport Layer Security (TLS) versions 1.0 (RFC 2246) and 1.1 (RFC 4346).
April 2021
About 7,600 certificates issued by GoDaddy between April 21 and April 27, 2021 do not meet new Apple trust requirements that came into force on April 21; Safari rejects them with the error "This Connection Is Not Private".
July 2021
Mozilla Firefox removes support for FTP from version 90 onwards; Chrome had already removed it. https://www.mozilla.org/en-US/firefox/90.0/releasenotes/
September 2021
Let’s Encrypt certificates cover 4.5 million domains for Shopify. That means a more secure and privacy-respecting Web for all of Shopify’s merchants who, in 2020, created $307 billion in economic impact around the world. And it means a more secure Web for everyone visiting and engaging with a Shopify merchant.
September 2021
Apple deprecates TLS 1.0 and 1.1 in both iOS and macOS. They are deprecated in iOS 15 and macOS 12, and support will be removed entirely in a future release.
October 2021
Following the ALPACA cross-protocol attack, which abuses certificates that are valid for several hostnames and services at once, the NSA recommends that organisations inventory the wildcard certificates they use and, going forward, limit their use to avoid this type of attack.
December 2021
A security researcher claims that every version of Windows is exposed to a new zero-day vulnerability because Microsoft's patch for a similar, earlier flaw was incomplete.
December 2021
OVHcloud, the largest hosting provider in Europe, has used Let’s Encrypt for TLS certificates since 2016. Over 10,000 certificates are issued from Let’s Encrypt to OVHcloud every day. As the company continues to expand into North America, they predict that number will grow.
February 2022
ISRG, the organisation behind Let's Encrypt, receives a $1M grant from the Ford Foundation in support of its security and privacy mission.
April 2022
On April 13, 2022, the Real World Crypto steering committee presented the Max Levchin Prize for Real-World Cryptography to Let’s Encrypt.
December 2022
The concept of ACME-CAA (RFC 8657) is extremely simple: the CAA record's issue property is extended with an accounturi parameter so that, rather than merely naming a CA, it names a specific account at that CA. In short, this means that only someone holding your ACME account private key can obtain certificates for the domain.
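A worked CAA evaluator, added here as an example (not from the original timeline or from any CA's code), covering the RFC 8659 relevance rules and the RFC 8657 accounturi binding described above. The records, the CA identifier letsencrypt.org and the account URLs are constructed sample data; the account numbers are placeholders.

```python
# Added illustration (not code from the page): evaluating CAA records with the RFC 8657
# accounturi parameter. Records, CA name and account URLs are constructed sample data.
import re

_CAA = re.compile(r'^\s*(\d+)\s+([A-Za-z0-9]+)\s+"([^"]*)"\s*$')
KNOWN_TAGS = {"issue", "issuewild", "iodef"}


def parse_caa(line):
    """Parse one CAA record in presentation format: <flags> <tag> "<value>"."""
    m = _CAA.match(line)
    if not m:
        raise ValueError(f"not a CAA record: {line!r}")
    flags, tag, value = int(m.group(1)), m.group(2).lower(), m.group(3)
    issuer, params = value.strip(), {}
    if tag in ("issue", "issuewild"):
        head, *rest = value.split(";")          # "<issuer-domain>; key=value; ..."
        issuer = head.strip().lower()
        for p in rest:
            if p.strip():
                k, _, v = p.partition("=")
                params[k.strip().lower()] = v.strip()
    return {"flags": flags, "tag": tag, "issuer": issuer, "params": params}


def may_issue(records, ca_domain, account_uri, wildcard=False):
    """Decide whether CA `ca_domain`, acting for ACME account `account_uri`, may issue.
    RFC 8659: issuewild governs wildcard names when present, otherwise issue applies;
    an empty relevant set means no restriction; an unknown critical tag forbids
    issuance; an empty issuer (";") forbids issuance. RFC 8657: a matching issuer
    that carries accounturi authorises only that exact account."""
    recs = [parse_caa(r) for r in records]
    if any(r["flags"] & 128 and r["tag"] not in KNOWN_TAGS for r in recs):
        return False                                   # critical flag on unknown tag
    relevant = [r for r in recs if r["tag"] == "issuewild"] if wildcard else []
    if not relevant:
        relevant = [r for r in recs if r["tag"] == "issue"]
    if not relevant:
        return True                                    # CAA does not restrict this name
    for r in relevant:
        if r["issuer"] != ca_domain.lower():
            continue
        bound = r["params"].get("accounturi")
        if bound is None or bound == account_uri:
            return True
    return False


# Constructed zone data: the account numbers are placeholders, not real accounts.
ACCOUNT = "https://acme-v02.api.letsencrypt.org/acme/acct/12345"
OTHER_ACCOUNT = "https://acme-v02.api.letsencrypt.org/acme/acct/99999"
PLAIN = ['0 issue "letsencrypt.org"']                         # any Let's Encrypt account
BOUND = [f'0 issue "letsencrypt.org; accounturi={ACCOUNT}"']   # only our account

if __name__ == "__main__":
    for name, zone in (("plain", PLAIN), ("bound", BOUND)):
        for acct in (ACCOUNT, OTHER_ACCOUNT):
            print(name, acct.rsplit("/", 1)[1], may_issue(zone, "letsencrypt.org", acct))
```

With PLAIN, anyone who can pass Let's Encrypt's domain validation for the name (for example after a DNS or web-server compromise) gets a certificate from their own account; with BOUND the CA must refuse every account but yours. The unknown-critical-tag and empty-issuer cases are included because a CA must refuse issuance in both.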
December 2022
After TrustCor's trustworthiness is called into question, the major root programs distrust the CA, which causes all certificates issued by TrustCor to be treated as untrusted.
However, updating the root store on mobile devices takes time, so the change will only reach Android with the Android 14 release.
December 2022
An independent security researcher reports administrative weaknesses in the management panel of a Turkish CA. The report notes that the panel is entirely in Turkish and argues that the weaknesses could easily be exploited by bad actors.
December 2022
The Certificate Transparency log Trust Asia Log2024-2 (https://ct2024.trustasia.com/log2024) completes its application and successfully undergoes compliance monitoring.
December 2022
In current versions of Microsoft Edge, both the certificate trust list and the certificate verifier logic are provided by the underlying operating system. In future versions, both will be provided by and shipped with the browser, decoupling them from the host operating system's root store.
March 2023
Over 150,000 certificates issued on March 15 and 16, 2023 fail to load in browsers that enforce CT, due to an incident at Sectigo's "Sabre" CT log. A migration to new log software was mostly successful, except for one rather significant problem: the new software had been configured with the private key of a test log called "Dodo".
For a window of about 20 hours the log therefore handed out SCTs signed with the wrong key. The CAs embedding those SCTs could have detected the problem by validating the SCT signatures against Sabre's published public key, but certificate authorities are prone to sloppiness and shortcut-taking.