Subscribe to the RSS feed in case you are interested in updates

I updated the whitepaper "TLS / SSLv3 vulnerability explained" :

Updated 18.11.2009 : Added SMTP over TLS attack scenario, added s_client testcase
Updated 30.11.2009 : Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP)  


2 comments

Anonymous said... @ 18 November, 2009 16:30

Thanx for the interesting document.

Just one ammendment: STunnel is vulnerable too, since it uses the openssl-libraries. the latest version from 2009-11-08 for windows includes the openssl-0.9.8l - version; linux/unix-versions will depend on updates from their vendors or have to build the very recent version.


mex

Anonymous said... @ 18 November, 2009 16:30

Thanx for the interesting document.

Just one ammendment: STunnel is vulnerable too, since it uses the openssl-libraries. the latest version from 2009-11-08 for windows includes the openssl-0.9.8l - version; linux/unix-versions will depend on updates from their vendors or have to build the very recent version.


mex

Post a Comment