We are going to build an application where network security is one of the big issues. The application is provided over the internet (public network), but should transfer sensitive data and sensitive, confidential documents, which should be as secure as possible against possible attacks, e.g. man-in-the-middle.
Of course, the application will be encrypted using SSL. However, SSL has already been hacked and we do not know if it is secure enough to use SSL only.
So my question is: Is there any benefit for the security of an online application using SSL if we ADDITIONALLY encrypt the data with JavaScript before the network transfer (symmetric or asymmetric encryption)?
So the data would be double encrypted, which would make it hard to read for attackers, even if they managed to hack the SSL encryption.
Additional Question: Is there a good JavaScript library for encrypting files on the client-side before transferring these over the network?
(Note: We know about the possibility of encrypting AND decrypting the files client-side, so they are not readable on the server (because the client key is unknown). However, there will be files which the server should be able to read and which should, if useful, be double encrypted anyway, but with different keys per client.)
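
The scheme described in the question (symmetric encryption of a file before upload, with a different key per client and a server that can still decrypt) is sketched below as an added example; it is not code from the original post. It uses the Web Crypto API rather than a third-party library, and the function names, the client ids and the sample document are assumptions made for illustration.

```javascript
// Web Crypto is a global in browsers and recent Node.js; older Node exposes it via node:crypto.
const webcrypto = globalThis.crypto || require('node:crypto').webcrypto;

// Hypothetical helper: one AES-256-GCM key per client (key distribution is out of scope here).
function newClientKey() {
  return webcrypto.subtle.generateKey({ name: 'AES-GCM', length: 256 }, true,
                                      ['encrypt', 'decrypt']);
}

// Client side: encrypt file bytes before upload. The client id is bound as
// additional authenticated data, so a ciphertext is only valid for that client.
async function encryptForUpload(key, clientId, fileBytes) {
  const iv = webcrypto.getRandomValues(new Uint8Array(12)); // fresh 96-bit nonce per message
  const ct = await webcrypto.subtle.encrypt(
    { name: 'AES-GCM', iv, additionalData: new TextEncoder().encode(clientId) },
    key, fileBytes);
  return { iv, ciphertext: new Uint8Array(ct) };
}

// Server side (same key): returns the plaintext bytes, or null if authentication fails.
async function decryptUpload(key, clientId, msg) {
  try {
    const pt = await webcrypto.subtle.decrypt(
      { name: 'AES-GCM', iv: msg.iv, additionalData: new TextEncoder().encode(clientId) },
      key, msg.ciphertext);
    return new Uint8Array(pt);
  } catch (e) {
    return null; // modified ciphertext, wrong key, or wrong client id
  }
}

// Constructed sample run: round trip, a flipped ciphertext bit, and a wrong client id.
async function demo() {
  const key = await newClientKey();
  const file = new TextEncoder().encode('constructed sample document');
  const msg = await encryptForUpload(key, 'client-42', file);
  const ok = await decryptUpload(key, 'client-42', msg);
  const flipped = { iv: msg.iv, ciphertext: Uint8Array.from(msg.ciphertext) };
  flipped.ciphertext[0] ^= 1;
  return {
    roundTrip: new TextDecoder().decode(ok),
    tamperedRejected: (await decryptUpload(key, 'client-42', flipped)) === null,
    wrongClientRejected: (await decryptUpload(key, 'client-43', msg)) === null,
  };
}
```

This inner layer protects the data only as far as the key and the script itself reach the browser over a channel the attacker cannot modify; if both arrive over the same SSL connection, whoever breaks that connection can replace the script.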