Transport Layer Security (TLS)
Transport Layer Security (TLS) is a cryptographic protocol that is designed to provide secure communications over a computer network. TLS has replaced the deprecated Secure Sockets Layer (SSL) predecessor and is intended to enforce privacy and data integrity between two or more communicating computer applications.  TLS is utilized for a host of online activities, such as web browsing, email, instant messaging and VOIP applications. It ensures the client (like a web browser) is securely communicating with a server (such as whonix.org), meaning the connection is private, authenticated and reliable. For a detailed overview of the TLS design, refer to this Wikipedia entry [archive].
A significant number of attacks have been demonstrated against the SSL/TLS protocol in the recent past, including: 
- BEAST attack: violation of same origin policy constraints.
- ChangeCipherSpec injection attack [archive]: a specially crafted handshake forces the use of weak keyring material, allowing decryption and modification of traffic in transit.
- Cross protocol attacks: servers are attacked by exploiting their support of obsolete, insecure SSL protocols to leverage attacks on connections using up-to-date protocols.
- Heartbleed [archive]: private keys are stolen from servers, allowing anyone to read the memory of protected systems.
- POODLE attack [archive]: padding attacks which reveal the contents of encrypted messages.
- Protocol downgrade [archive]: web servers are tricked into negotiating connections with earlier versions of TLS that are insecure.
- RC4 attack [archive]: recovery of plain text relying on the RC4 cipher suite.
- Renegotiation attack [archive]: plaintext injection attacks via the hijacking of the https connection.
- TLS Compression (CRIME attack) [archive]: session hijacking of web sessions via recovery of secret authentication cookies.
- Truncation attack: victim logout requests are blocked so the user remains logged into a web service.
- Unholy PAC attack: URLs are exposed when a user attempts to reach a TLS-enabled web link.
In addition, little trust should be placed in the public TLS certificate authority (CA) system, since it relies on a third-party correctly establishing the authenticity of certificates. If/once the CA is subverted, then the security of the entire system is lost, and potentially all entities relying on the trust of the compromised CA are affected. 
The Snowden leaks confirmed that CAs were a weakpoint targeted by the IC, allowing for Man-in-the-middle attacks if the CAs were either compromised or cooperative. Examples of CA security breaches include DigiNotar [archive], Comodo [archive] and Turktrust [archive].
Whonix ™ Technical Design
TLS certificates, especially for https://check.torproject.org [archive] (check.tpo) are not yet pinned in Whonix ™; this is a future goal that requires further discussion. How pinning could be technically achieved is documented under Dev/SSL Certificate Pinning. At present this is a low priority for Whonix ™, since
- not even the Tor Browser Bundle pins the check.tpo TLS certificate (which is a much bigger issue). 
- only used when whonixcheck is used with command line parameter
--leak-testswhich does not happen by default.
- https://en.wikipedia.org/wiki/Transport_Layer_Security [archive]
- https://en.wikipedia.org/wiki/Transport_Layer_Security#Attacks_against_TLS/SSL [archive]
- https://en.wikipedia.org/wiki/Certificate_authority#CA_compromise [archive]
- Whonix ™ developer Patrick Schleizer does not agree with "low priority" assigned to this issue in TBB. See TBB: hardcode SSL cert check to prevent MITM [archive] for further information.
This is a wiki. Want to improve this page? Help is welcome and volunteer contributions are happily considered! Read, understand and agree to Conditions for Contributions to Whonix ™, then Edit! Edits are held for moderation. Policy of Whonix Website and Whonix Chat and Policy On Nonfreedom Software applies.
Copyright (C) 2012 - 2020 ENCRYPTED SUPPORT LP. Whonix ™ is a trademark. Whonix ™ is a licensee [archive] of the Open Invention Network [archive]. Unless otherwise noted, the content of this page is copyrighted and licensed under the same Freedom Software license as Whonix ™ itself. (Why?)