Knowing the Heartbleed Bug

by Mirko Raimondi

The Secure Sockets Layer (SSL) is a protocol described in RFC 6101; it is used for managing the security of message transmission on the Internet. SSL has been succeeded by Transport Layer Security (TLS), described in RFC 5246, which is based on SSL. Developed by Netscape, SSL also gained the support of other Internet client/server developers and became the de facto standard until evolving into TLS. TLS/SSL uses the public-and-private key encryption system from RSA, which also includes the use of a digital certificate. TLS/SSL is an integral part of most Web browsers (the client side) and Web servers.

The OpenSSL library derives from SSLeay. Development of SSLeay began in 1995, but in December 1998 SSLeay ceased to be developed and the first version of OpenSSL was released (using the last, never released, version of SSLeay as a starting point). OpenSSL is composed of....