SSL/TLS can and is routinely broken by corporations as well as government entities. Describe at least three ways that such attacks can be carried out. (Hint: look at the Convergence tool and the headlines such as HeartBleed and/or Poodle). Is it possible to detect whether your employer is engaged in active surveillance of your SSL/TLS traffic?

Security :

Transport Layer Security (TLS) and its predecessor Secure Sockets Layer (SSL) are a family of cryptographic protocols that utilize X.509 certificates, public/private key encryption, and an exchanged symmetric key to,

validate the name of a server  know that google.com really is Google

encrypt the contents of communication between client and server  prevent anyone from observing your communication with google.com

verify the integrity of communication between client and server e.g. ensure that a message was not modified by an attacker

verify the authenticity of communication between client and server ensure that a message from google.com came from Google

Many users believe encryption is the most important feature of TLS, but the verification of identity and prevention of man-in-the-middle (MITM) attacks are equally if not more important. Encryption isn't of use if you aren't talking to who you think you are, as an attacker could proxy between you and the server.

Chat Conversation End