The security of network communications is important to both network users and network service providers. One way that the security of network communications is enhanced is through the use of digital certificates. A digital certificate is an electronic document that binds a public key to the identity of the certificate owner; the owner proves that identity by demonstrating possession of the corresponding private key. Digital certificates can be digitally signed by the certificate owner (a “self-signed” certificate, which is meaningful only to parties that already trust that owner's key) or by a trusted third party called a certificate authority (“CA”). The CA verifies the identity of a party and issues a certificate signed with a private key controlled by the CA. Maintaining the security of digital certificates can be difficult and consume significant resources. For example, certificate authorities use robust verification processes to ensure that certificates are not issued in error. An attacker may attempt to obtain a counterfeit digital certificate and impersonate another company, user, or entity. Owners of digital certificates take precautions to ensure that the private keys associated with their digital certificates are not compromised. As a further precaution, digital certificates are periodically renewed or reissued, for example to rotate keys, to adopt stronger algorithms, or to replace certificates whose private keys may have been exposed.
Digital certificates can be used in combination with secure transport protocols such as Secure Sockets Layer (“SSL”) or its successor, Transport Layer Security (“TLS”). In TLS, an encrypted communication session is created between a client and a server. The client and the server can exchange digital certificates when negotiating the encrypted communication session in order to prove their identities. As part of a TLS handshake, a cipher suite is negotiated between the client and the server. A cipher suite is a named combination of authentication, encryption, Message Authentication Code (“MAC”), and key-exchange algorithms that are used to implement the secure connection between the client and server. To determine a cipher suite, the client sends the list of cipher suites it supports and the server selects one that both support, generally following either the server's or the client's preference ordering so that the most secure mutually supported cipher suite is chosen. An attacker positioned between the client and the server can tamper with the handshake, for example by removing the strong cipher suites from the client's offered list, so that the client and the server agree on a weakened form of encryption. The weakened form of encryption can be broken by the attacker, revealing sensitive data included in the encrypted communications. Although new cipher suites are developed and deployed in response to advancements in cryptographic technologies and newly discovered vulnerabilities, “forced downgrade” attacks are a continuing problem whose effective prevention requires significant resources.
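The negotiation and downgrade described above, as an added illustration that is not part of this document: a small Python simulation (constructed cipher-suite lists, a constructed shared secret standing in for the output of the key exchange, and a hypothetical strip_strong_suites attacker) shows how the selected suite depends on whose preference order governs, how a man-in-the-middle that rewrites the client's offered list forces a weak suite, and how a keyed hash over each side's own view of the handshake transcript, in the role the TLS Finished message plays, exposes the rewrite.

```python
import hashlib
import hmac

# Constructed example data. Suite names follow the IANA TLS registry naming
# style; the strength ranking used here is illustrative, not an official order.
CLIENT_OFFER = [
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
]
SERVER_PREFERENCE = [
    "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
    "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
    "TLS_RSA_WITH_AES_128_CBC_SHA",
    "TLS_RSA_WITH_RC4_128_SHA",
    "TLS_RSA_WITH_3DES_EDE_CBC_SHA",
]
WEAK_SUITES = {"TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_3DES_EDE_CBC_SHA"}
# A hardened client simply never offers anything it considers breakable.
HARDENED_OFFER = [s for s in CLIENT_OFFER if s not in WEAK_SUITES]

# Stand-in for the secret both endpoints derive from the key exchange; the
# attacker is assumed not to know it (constructed constant for this example).
SESSION_SECRET = b"constructed-shared-secret-for-this-example"


def select_suite(offered, server_preference, honour_server_order=True):
    """Return the first mutually supported suite in the preferring side's order."""
    ordered = server_preference if honour_server_order else offered
    other = set(offered if honour_server_order else server_preference)
    for suite in ordered:
        if suite in other:
            return suite
    return None


def strip_strong_suites(offered):
    """Hypothetical man-in-the-middle rewrite: keep only suites the attacker can break."""
    return [s for s in offered if s in WEAK_SUITES]


def finished_mac(secret, transcript):
    """Keyed hash over the handshake messages exactly as one side saw them."""
    data = b"\x00".join(m.encode() for m in transcript)
    return hmac.new(secret, data, hashlib.sha256).digest()


def run_handshake(client_offer, server_preference, attacker=None):
    """Simulate one handshake and return (negotiated_suite, transcripts_agree).

    The client records the ClientHello it sent; the server records the one it
    received. If an attacker altered the offer in flight, the two transcripts
    differ, the Finished MACs do not match, and a real client would abort.
    """
    client_transcript = ["ClientHello:" + ",".join(client_offer)]
    received = list(client_offer)
    if attacker is not None:
        received = attacker(received)
    server_transcript = ["ClientHello:" + ",".join(received)]

    chosen = select_suite(received, server_preference)
    if chosen is None:
        return None, False  # no common suite: handshake fails outright
    server_hello = "ServerHello:" + chosen
    client_transcript.append(server_hello)
    server_transcript.append(server_hello)

    server_finished = finished_mac(SESSION_SECRET, server_transcript)
    client_expected = finished_mac(SESSION_SECRET, client_transcript)
    return chosen, hmac.compare_digest(server_finished, client_expected)


if __name__ == "__main__":
    print("server order :", run_handshake(CLIENT_OFFER, SERVER_PREFERENCE))
    print("downgraded   :", run_handshake(CLIENT_OFFER, SERVER_PREFERENCE, strip_strong_suites))
    print("hardened     :", run_handshake(HARDENED_OFFER, SERVER_PREFERENCE, strip_strong_suites))
```

The transcript check only helps while the attacker cannot derive the session secret during the handshake; if the negotiated suite is weak enough to break that quickly, the attacker can forge the Finished value as well, which is why the durable fix is the hardened offer: a client that never lists a breakable suite leaves the attacker nothing to downgrade to, and the tampered handshake simply fails.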