How secure is SSL?

忘了有多久 2020-12-07 19:20

How secure is SSL (Secure Socket Layer)? As in, how much will it take to crack a password sent through SSL?

9 answers
  •  南笙 (OP)
    2020-12-07 19:51

    You mentioned "send a password" through SSL.

    Maybe the question here is how do you

    1. Protect the passwords (are they stored as hash, plaintext, etc.)
    2. Rate limit the login attempts (e.g. if you allow max 1 per second brute force from external sources will take a very long time)
    3. An important thing about SSL: Where and how is your private key stored (encrypted on disk, inside special non readable hardware)?

    Because an often overlooked fact is that the threats from local attacks might be much higher than an attack at the cipher level.

    E.g. if someone breaks into your server and obtains the private key (worst case if it is unencrypted on the disk) - with the private key it then might be possible to decrypt stored communications depending on the key exchange mechanism used.

    Also, as soon as someone obtains your private key it is easy to set up a server which seems to the user as their original server because it has the correct certificate.

    So I guess the security of established protocols shouldn't be the first point to worry about.
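
An added example, not part of the original answer: a small Python check for point 3 above, reporting whether a PEM private key file is stored unencrypted or is accessible beyond its owner. The file names and PEM bodies are constructed placeholders (not real keys), and `audit_key_file` is a hypothetical helper name.

```python
import os
import stat
import tempfile

# Markers for passphrase-protected keys: PKCS#8 encrypted PEM and the
# traditional OpenSSL PEM format with an encryption header.
ENCRYPTED_MARKERS = ("-----BEGIN ENCRYPTED PRIVATE KEY-----", "Proc-Type: 4,ENCRYPTED")

def audit_key_file(path):
    """Return a list of findings for a PEM private key file (empty list = none)."""
    findings = []
    mode = stat.S_IMODE(os.stat(path).st_mode)
    # Any group/other permission bit means more than the owning account can reach the key.
    if mode & (stat.S_IRWXG | stat.S_IRWXO):
        findings.append(f"permissions {mode:04o} allow group/other access")
    with open(path, "r", errors="replace") as fh:
        text = fh.read()
    if "PRIVATE KEY-----" not in text:
        findings.append("no PEM private key found")
    elif not any(marker in text for marker in ENCRYPTED_MARKERS):
        findings.append("private key is stored unencrypted")
    return findings

def demo():
    """Audit three constructed key files and return {file name: findings}."""
    samples = {
        "plain_open.pem": (0o644, "-----BEGIN PRIVATE KEY-----\nCONSTRUCTED\n"
                                  "-----END PRIVATE KEY-----\n"),
        "enc_locked.pem": (0o600, "-----BEGIN ENCRYPTED PRIVATE KEY-----\nCONSTRUCTED\n"
                                  "-----END ENCRYPTED PRIVATE KEY-----\n"),
        "legacy_enc.pem": (0o640, "-----BEGIN RSA PRIVATE KEY-----\n"
                                  "Proc-Type: 4,ENCRYPTED\nDEK-Info: AES-256-CBC,00\n\n"
                                  "CONSTRUCTED\n-----END RSA PRIVATE KEY-----\n"),
    }
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        for name, (mode, body) in samples.items():
            path = os.path.join(tmp, name)
            with open(path, "w") as fh:
                fh.write(body)
            os.chmod(path, mode)  # set the exact mode regardless of umask
            results[name] = audit_key_file(path)
    return results

if __name__ == "__main__":
    for name, findings in demo().items():
        print(name, "->", findings or "ok")
```

A passphrase-protected key file still has to be unlocked when the server starts, so the passphrase itself needs the same care as the key.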
