Subscribe to the RSS feed in case you are interested in updates
I updated the whitepaper "TLS / SSLv3 vulnerability explained" :
Updated 18.11.2009 : Added SMTP over TLS attack scenario, added s_client testcase
Updated 30.11.2009 : Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP)
Updated 18.11.2009 : Added SMTP over TLS attack scenario, added s_client testcase
Updated 30.11.2009 : Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP)
Download : http://clicky.me/tlsvuln
Posts
2 comments:
Thanx for the interesting document.
Just one ammendment: STunnel is vulnerable too, since it uses the openssl-libraries. the latest version from 2009-11-08 for windows includes the openssl-0.9.8l - version; linux/unix-versions will depend on updates from their vendors or have to build the very recent version.
mex
Thanx for the interesting document.
Just one ammendment: STunnel is vulnerable too, since it uses the openssl-libraries. the latest version from 2009-11-08 for windows includes the openssl-0.9.8l - version; linux/unix-versions will depend on updates from their vendors or have to build the very recent version.
mex
Post a Comment