TLS
Historical TLS Stack Implementation Vulnerabilities (Heartbleed, goto fail, Winshock)
9 Major TLS stacks shipped severe implementation flaws in 2014: OpenSSL's Heartbleed (CVE-2014-0160) leaked process memory, including private keys, through an unchecked length field in the heartbeat extension; Apple Secure Transport's "goto fail" (CVE-2014-1266) and a GnuTLS certificate-verification bug (CVE-2014-0092) skipped signature or certificate checks, letting a man-in-the-middle impersonate any server; Microsoft SChannel's Winshock (CVE-2014-6321) allowed remote code execution in the server's TLS stack. Each was a bug below the protocol layer, so it affected every application linked against the library regardless of cipher suite or configuration, and the memory-disclosure case (Heartbleed) required key rotation and certificate revocation, not just a patch.
Bearer tokens lack cryptographic binding and signature
8 OAuth 2.0 dropped the per-request signing of OAuth 1.0a and relies entirely on TLS to protect tokens in transit. A bearer token (RFC 6750) is accepted from whoever presents it: it is not cryptographically bound to the client that obtained it, so a token captured through a TLS weakness, a logging mistake or a compromised endpoint can be replayed by an attacker until it expires. Sender-constrained variants (certificate-bound tokens over mutual TLS per RFC 8705, or DPoP per RFC 9449) restore a proof-of-possession requirement so that the token alone is useless to a thief.
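The replay property described above, as an added example that is not part of the original page or of any OAuth library: a small resource server that accepts both plain bearer tokens and sender-constrained tokens. The binding is modelled with an HMAC key shared at issuance (a simplification; real DPoP or mTLS bind the token to an asymmetric key so the server holds only the public half), the scenario names and the TokenServer/make_proof helpers are assumptions of this example, and all tokens and keys are generated inline.

```python
import hashlib
import hmac
import secrets


def make_proof(key, nonce, token):
    """Proof of possession: MAC over the server's nonce and the token with the client's key."""
    return hmac.new(key, f"{nonce}.{token}".encode(), hashlib.sha256).hexdigest()


class TokenServer:
    """Resource server accepting bearer tokens and key-bound tokens (simplified model)."""

    def __init__(self):
        self._tokens = {}          # token -> bound key, or None for a plain bearer token
        self._used_nonces = set()  # each server nonce may be proven exactly once

    def issue(self, bound_key=None):
        token = secrets.token_urlsafe(32)
        self._tokens[token] = bound_key
        return token

    def new_nonce(self):
        return secrets.token_hex(16)

    def verify(self, token, nonce=None, proof=None):
        if token not in self._tokens:
            return False
        key = self._tokens[token]
        if key is None:
            return True            # bearer semantics: possession alone is enough
        if nonce is None or proof is None or nonce in self._used_nonces:
            return False
        if not hmac.compare_digest(make_proof(key, nonce, token), proof):
            return False
        self._used_nonces.add(nonce)
        return True


def replay_scenarios():
    """Attacker has captured both tokens (e.g. via a TLS break) but not the client's key."""
    server = TokenServer()
    bearer = server.issue()
    client_key = secrets.token_bytes(32)
    bound = server.issue(bound_key=client_key)

    results = {}
    results["bearer_replay"] = server.verify(bearer)        # stolen bearer token is accepted
    results["bound_without_proof"] = server.verify(bound)   # stolen bound token alone is rejected
    nonce = server.new_nonce()
    good_proof = make_proof(client_key, nonce, bound)
    results["bound_legit"] = server.verify(bound, nonce, good_proof)          # real client succeeds
    results["bound_proof_replay"] = server.verify(bound, nonce, good_proof)   # nonce already consumed
    nonce2 = server.new_nonce()
    forged = make_proof(secrets.token_bytes(32), nonce2, bound)               # wrong key
    results["bound_wrong_key"] = server.verify(bound, nonce2, forged)
    return results


if __name__ == "__main__":
    for name, accepted in replay_scenarios().items():
        print(f"{name:22s} accepted={accepted}")
```

The only scenario that succeeds for the attacker is the bearer replay; every bound-token attempt fails because the proof needs the client's key and a fresh server nonce.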
DTLS handshake overhead prohibitive for battery-powered IoT
8 DTLS needs several round trips (including the stateless cookie exchange) to establish a session, and both ends must hold session state until the connection is closed, which keeps a battery-driven IoT device from dropping into deep sleep between transmissions. On a constrained link the handshake's energy and bandwidth cost can exceed that of the application data itself, so plain DTLS is often impractical for such devices; session resumption and DTLS connection identifiers (RFC 9146) reduce but do not remove the cost.
Missing Server Name Indication (SNI) Support in Legacy Protocols
6 SNI is a TLS extension (RFC 6066), so it exists only in TLS 1.0 and later and not in SSL 3.0. Several older clients never sent it even over TLS: Internet Explorer on Windows XP, Java 6, the stock browser on early Android versions, and older language runtimes (for example Python 2 before 2.7.9). When several certificates are served from one IP address, the server cannot tell which one such a client wants, falls back to its default certificate, and the client reports a certificate error for every other site on that address.
Domain Name Mismatch Between Certificate and Hostname
6 A certificate is valid for a hostname only if that exact name appears in its Subject Alternative Name entries (modern browsers ignore the Common Name). The comparison is exact, label by label, so a certificate for example.com does not cover www.example.com and vice versa, and a wildcard such as *.example.com covers exactly one label. Such a mismatch is reported as a trust error even though the certificate itself is correctly signed and unexpired.
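A hostname check implementing the rules above, as an added example that is not code from the original page: the certificate dicts follow the layout returned by Python's ssl.SSLSocket.getpeercert() but are constructed here (they are not real certificates), and the function names hostname_matches, cert_dns_names and check_peer_name are assumptions of this example.

```python
def hostname_matches(hostname, dns_names):
    """True if hostname is covered by one of the certificate's DNS names.

    RFC 6125-style rules as browsers apply them: case-insensitive, exact label-by-label
    comparison; a wildcard is accepted only as the entire leftmost label, matches exactly
    one label, and must be followed by at least two labels (*.com is rejected). Partial
    wildcards such as w*.example.com are rejected.
    """
    host_labels = hostname.lower().rstrip(".").split(".")
    for name in dns_names:
        labels = name.lower().rstrip(".").split(".")
        if len(labels) != len(host_labels):
            continue                      # www.example.com vs example.com never match
        if labels[0] == "*":
            if len(labels) >= 3 and labels[1:] == host_labels[1:]:
                return True
            continue
        if "*" in name:
            continue                      # partial wildcard: not accepted
        if labels == host_labels:
            return True
    return False


def cert_dns_names(cert):
    """DNS names from a cert in the ssl.getpeercert() dict layout.

    Only subjectAltName is consulted; a certificate that carries the name solely in the
    Common Name names nothing, which is how current browsers treat it.
    """
    return [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]


def check_peer_name(cert, hostname):
    return hostname_matches(hostname, cert_dns_names(cert))


# Constructed sample certificates (dict layout only; not real certificates).
CERT_APEX_ONLY = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"),),
}
CERT_WILDCARD = {
    "subject": ((("commonName", "*.example.com"),),),
    "subjectAltName": (("DNS", "*.example.com"),),
}
CERT_BOTH = {
    "subject": ((("commonName", "example.com"),),),
    "subjectAltName": (("DNS", "example.com"), ("DNS", "www.example.com")),
}
CERT_CN_ONLY = {
    "subject": ((("commonName", "example.com"),),),
}

if __name__ == "__main__":
    samples = [("apex only", CERT_APEX_ONLY), ("wildcard", CERT_WILDCARD),
               ("apex + www", CERT_BOTH), ("CN only", CERT_CN_ONLY)]
    for label, cert in samples:
        for host in ("example.com", "www.example.com", "a.b.example.com"):
            print(f"{label:11s} {host:18s} {check_peer_name(cert, host)}")
```

The apex-only certificate fails for www.example.com, the wildcard fails for the apex and for a.b.example.com, and the CN-only certificate fails everywhere: the usual fix is a SAN list that names both the apex and www explicitly.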
Python SNI Zero-Length Extension Bug
5 Certain Python 3 releases could send a zero-length server_name extension in the ClientHello (the ssl module did so, for example, when server_hostname was an IP-address literal, for which the extension should be omitted entirely). RFC 6066 does not allow an empty ServerNameList, so a strict server rejects the ClientHello with a tlsv1 alert decode error and the connection fails before any application data is exchanged.
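The two SNI failure modes on this page, a client that sends no server_name extension at all (the legacy-client case above) and one that sends a zero-length extension (the Python case), can be told apart by looking at the raw ClientHello. The following is an added example, not code from the original page or from Python's ssl module: it builds minimal ClientHello records (constructed samples, not captured traffic) and classifies the extension as present, absent or empty. The function names build_client_hello and sni_status are assumptions of this example.

```python
import struct

SNI_EXTENSION_TYPE = 0  # server_name, RFC 6066


def _u16(n):
    return struct.pack("!H", n)


def _u24(n):
    return struct.pack("!I", n)[1:]


def build_client_hello(server_name=None, empty_sni=False, include_extensions=True):
    """Construct a minimal TLS 1.2 ClientHello record (sample data, not a real capture)."""
    body = b"\x03\x03" + b"\x00" * 32 + b"\x00"     # version, random, empty session id
    body += _u16(2) + b"\x13\x01"                   # one cipher suite
    body += b"\x01\x00"                             # compression methods: null only
    if include_extensions:                          # SSL 3.0-style hellos carry no extensions block
        exts = b""
        if empty_sni:
            exts += _u16(SNI_EXTENSION_TYPE) + _u16(0)   # the zero-length extension
        elif server_name is not None:
            name = server_name.encode("idna")
            entry = b"\x00" + _u16(len(name)) + name      # name_type host_name(0)
            sn_list = _u16(len(entry)) + entry
            exts += _u16(SNI_EXTENSION_TYPE) + _u16(len(sn_list)) + sn_list
        body += _u16(len(exts)) + exts
    handshake = b"\x01" + _u24(len(body)) + body        # HandshakeType client_hello(1)
    return b"\x16\x03\x01" + _u16(len(handshake)) + handshake


def sni_status(record):
    """Return ("present", name), ("absent", None), ("empty", None) or ("malformed", None)."""
    if len(record) < 5 or record[0] != 0x16:
        raise ValueError("not a TLS handshake record")
    rec_len = struct.unpack("!H", record[3:5])[0]
    hs = record[5:5 + rec_len]
    if len(hs) < 4 or hs[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hs[4:4 + int.from_bytes(hs[1:4], "big")]
    pos = 2 + 32                                        # skip version and random
    pos += 1 + body[pos]                                # session id
    pos += 2 + struct.unpack("!H", body[pos:pos + 2])[0]  # cipher suites
    pos += 1 + body[pos]                                # compression methods
    if pos >= len(body):
        return ("absent", None)                         # no extensions block at all
    end = pos + 2 + struct.unpack("!H", body[pos:pos + 2])[0]
    pos += 2
    while pos + 4 <= end:
        etype, elen = struct.unpack("!HH", body[pos:pos + 4])
        pos += 4
        data = body[pos:pos + elen]
        pos += elen
        if etype != SNI_EXTENSION_TYPE:
            continue
        if elen == 0:
            return ("empty", None)                      # servers answer with a decode_error alert
        list_len = struct.unpack("!H", data[0:2])[0]
        entries = data[2:2 + list_len]
        if entries and entries[0] == 0:
            name_len = struct.unpack("!H", entries[1:3])[0]
            return ("present", entries[3:3 + name_len].decode("idna"))
        return ("malformed", None)
    return ("absent", None)


if __name__ == "__main__":
    print(sni_status(build_client_hello("example.com")))
    print(sni_status(build_client_hello(empty_sni=True)))
    print(sni_status(build_client_hello(include_extensions=False)))
```

Pointed at a packet capture, the same classifier explains both symptoms: an "absent" hello from a legacy client is served the default certificate and fails hostname validation, while an "empty" hello never gets past the server's ClientHello parser.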