Posted in a boring Friday just for fun.
The author does not make any, implied, de-implied, un-implied, guarantees regarding the correctness of the bellow information(if you feel something was omitted that should have worth a mention or misplaced, feel free to comment).
Reference:
http://www.ssl.berkeley.edu/about/index.php
Not really, I guess… :)
1994/1995 - Milestone
SSL 2.0 - http://www.mozilla.org/projects/security/pki/nss/ssl/draft02.html
Version contains security flaws.
1996 – Milestone
SSL 3.0 - http://www.mozilla.org/projects/security/pki/nss/ssl/draft302.txt
1996
Analysis of the SSL 3.0 Protocol, Bruce Schneier / David Wagner - http://www.schneier.com/paper-ssl.pdf
1996
Modifications to the SSL protocol for TLS - http://tools.ietf.org/html/draft-ietf-tls-ssl-mods-00
1999 - Milestone
TLS 1.0 - http://www.ietf.org/rfc/rfc2246.txt
TLS uses HMAC as opposed to SSL 3.0 which used an early version of the HMAC algorithm.
TLS makes use of a pseudorandom function (PRF), SHA-1 & MD5 combination.
Key derivation functions are different from SSL 3.0.
The RSA key exchange in SSL 3.0 did not comply with the spec.
TLS can be used in FIPS mode as opposed to SSL 3.0 which cannot be used in FIPS mode(due to the key derivation process).
1999
Addition of Kerberos Cipher Suites to Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc2712.txt
2002
Advanced Encryption Standard (AES) Ciphersuites for Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc3268.txt
2003
Transport Layer Security (TLS) Extensions - http://www.ietf.org/rfc/rfc3546.txt
Specific extensions: Server Name Indication, Maximum Fragment Length Negotiation, Client Certificate URLs, Trusted CA Indication, Truncated HMAC, Certificate Status Request.
2004
Transport Layer Security Protocol Compression Methods - http://www.ietf.org/rfc/rfc3749.txt
2004
Transport Layer Security (TLS) Protocol Compression Using Lempel-Ziv-Stac (LZS) - http://www.ietf.org/rfc/rfc3943.txt
2005
Guidelines for the Selection and Use of Transport Layer Security (TLS) Implementations - http://csrc.nist.gov/publications/nistpubs/800-52/SP800-52.pdf
2005
Addition of Camellia Cipher Suites to Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc4132.txt
2005
Addition of SEED Cipher Suites to Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc4162.txt
2005
Pre-Shared Key Ciphersuites for Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc4279.txt
2006 – Milestone
TLS 1.1 - http://www.ietf.org/rfc/rfc4346.txt
Small security improvements, clarifications, and editorial improvements.
The implicit Initialization Vector (IV) is replaced with an explicit IV to protect against CBC attacks.
Handling of padding errors is changed to use the bad_record_mac alert rather than the decryption_failed alert to protect against CBC attacks.
Premature closes no longer cause a session to be nonresumable.
2006 - Milestone
Datagram Transport Layer Security(DTLS) - http://www.ietf.org/rfc/rfc4347.txt
A datagram-compatible variant of TLS is described.
2006
Transport Layer Security (TLS) Extensions - http://www.ietf.org/rfc/rfc4366.txt
Obsoletes RFC 3546.
Specific extensions: Server Name Indication, Maximum Fragment Length Negotiation, Client Certificate URLs, Trusted CA Indication, Truncated HMAC, Certificate Status Request.
2006
Elliptic Curve Cryptography (ECC) Cipher Suites for Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc4492.txt
New key exchange algorithms based on Elliptic Curve Cryptography (ECC) for the Transport Layer Security (TLS) protocol.
In particular, it specifies the use of Elliptic Curve Diffie-Hellman (ECDH) key agreement in a TLS handshake and the use of Elliptic Curve Digital Signature Algorithm (ECDSA) as a new authentication mechanism.
Two client Hello extensions are introduced: Supported Elliptic Curves Extension, Supported Point Formats Extension.
Both TLS 1.0 and TLS 1.1 support ECC cipher suites.
2006
Transport Layer Security (TLS) Session Resumption without Server-Side State - http://www.ietf.org/rfc/rfc4507.txt
2006
TLS Handshake Message for Supplemental Data - http://www.ietf.org/rfc/rfc4680.txt
2006
TLS User Mapping Extension - http://www.ietf.org/rfc/rfc4681.txt
2007
Pre-Shared Key (PSK) Ciphersuites with NULL Encryption for Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc4785.txt
2007
Using the Secure Remote Password (SRP) Protocol for TLS Authentication - http://www.ietf.org/rfc/rfc5054.txt
2007
Using OpenPGP Keys for Transport Layer Security (TLS) Authentication - http://www.ietf.org/rfc/rfc5081.txt
2008
Transport Layer Security (TLS) Session Resumption without Server-Side State - http://www.ietf.org/rfc/rfc5077.txt
Obsoletes RFC 4507.
2008 - Milestone
TLS 1.2 - http://www.ietf.org/rfc/rfc5246.txt
The MD5/SHA-1 combination in the pseudorandom function (PRF) has been replaced with cipher-suite-specified PRFs. All cipher suites in the TLS 1.2 document use SHA256.
A new extension is introduced: Signature Algorithms.The client uses this extension to indicate to the server which signature/hash algorithm pairs may be used in digital signatures.
Removed IDEA and DES cipher suites. These are described in a separate RFC(RFC 5469).
TLS_RSA_WITH_AES_128_CBC_SHA is now the mandatory to implement cipher suite.
Added HMAC-SHA256 cipher suites.
Addition of support for authenticated encryption with additional data modes.
Various security improvements.
Clarifications and editorial work.
2008
AES Galois Counter Mode (GCM) Cipher Suites for TLS - http://www.ietf.org/rfc/rfc5288.txt
2008
TLS Elliptic Curve Cipher Suites with SHA-256/384 and AES Galois Counter Mode (GCM) - http://www.ietf.org/rfc/rfc5289.txt
2009
Suite B Profile for Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc5430.txt
2009
DES and IDEA Cipher Suites for Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc5469.txt
2009
Pre-Shared Key Cipher Suites for TLS with SHA-256/384 and AES Galois Counter Mode - http://www.ietf.org/rfc/rfc5487.txt
2009
ECDHE_PSK Cipher Suites for Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc5489.txt
2009
http://blog.ivanristic.com/2009/07/announcing-the-ssl-server-rating-guide-and-the-public-ssl-server-database.html
SSL Server Rating Guide - https://www.ssllabs.com/projects/rating-guide/index.html
2009
http://www.cgisecurity.com/2009/10/owasp-publishes-transport-layer-protection-cheat-sheet.html
Transport Layer Protection Cheat Sheet - http://www.owasp.org/index.php/Transport_Layer_Protection_Cheat_Sheet
2009
Initial Release: March 28, 2003. Last Update: October 22, 2009 (as writing)
Implementation Guidance for FIPS PUB 140-2 and the Cryptographic Module Validation Program - http://csrc.nist.gov/groups/STM/cmvp/documents/fips140-2/FIPS1402IG.pdf
Extra timeline: various TLS related stuff
1999
X.509 Internet Public Key Infrastructure Online Certificate Status Protocol – OCSP - http://www.ietf.org/rfc/rfc2560.txt
1999
PPP EAP TLS Authentication Protocol - http://www.ietf.org/rfc/rfc2716.txt
2000
Upgrading to TLS Within HTTP/1.1 - http://www.ietf.org/rfc/rfc2817.txt
2000
HTTP Over TLS - http://www.ietf.org/rfc/rfc2818.txt
2002
Algorithms and Identifiers for the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - http://www.ietf.org/rfc/rfc3279.txt
2002
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - http://www.ietf.org/rfc/rfc3280.txt
2005
Securing FTP with TLS - http://www.ietf.org/rfc/rfc4217.txt
2005
Common Open Policy Service (COPS) Over Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc4261.txt
2006
Connection-Oriented Media Transport over the Transport Layer Security (TLS) Protocol in the Session Description Protocol (SDP) - http://www.ietf.org/rfc/rfc4572.txt
2006
Using Transport Layer Security (TLS) with Network News Transfer Protocol (NNTP) - http://www.ietf.org/rfc/rfc4642.txt
2007
The Lightweight Online Certificate Status Protocol (OCSP) Profile for High-Volume Environments - http://www.ietf.org/rfc/rfc5019.txt
2008
The EAP-TLS Authentication Protocol - http://www.ietf.org/rfc/rfc5216.txt
2008
Datagram Transport Layer Security (DTLS) over the Datagram Congestion Control Protocol (DCCP) - http://www.ietf.org/rfc/rfc5238.txt
2008
Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile - http://www.ietf.org/rfc/rfc5280.txt
2008
Extensible Authentication Protocol Tunneled Transport Layer Security Authenticated Protocol Version 0 (EAP-TTLSv0) - http://www.ietf.org/rfc/rfc5281.txt
2009
Transport Layer Security (TLS) Transport Mapping for Syslog - http://www.ietf.org/rfc/rfc5425.txt
2009
Elliptic Curve Cryptography Subject Public Key Information - http://www.ietf.org/rfc/rfc5480.txt
2009
NETCONF over Transport Layer Security (TLS) - http://www.ietf.org/rfc/rfc5539.txt