It's bad. I decided to test my servers after updating them. Took me
about 3 hours to write a working implementation of this attack without
any prior knowledge of TLS internals. It's easy to do, pretty much
impossible to detect, and it's going to spread quickly. Shut down your
https sites and any ot
On Tue, Apr 8, 2014 at 4:35 AM, Randy Bush wrote:
>> I'm really surprised no one has mentioned this here yet...
>
> we're all too damned busy updating and generating keys
>
> you might like (thanks smb, or was it sra)
>
> openssl s_client -connect google.com:443 -tlsextdebug 2>&1| grep 'server
>
Here's mine, written in Go:
http://code.google.com/p/mxk/source/browse/go1/tlshb/
To build the binary, install Mercurial, install Go (golang.org), set
GOPATH to some empty directory, then run:
go get code.google.com/p/mxk/go1/tlshb
- Max
On Tue, Apr 8, 2014 at 12:16 PM, Patrick W. Gilmore wro
On Fri, Dec 14, 2012 at 10:52 AM, Peter Kristolaitis wrote:
> On 12/14/2012 10:47 AM, Randy wrote:
>>
>> I don't have hundreds of dollars to get my ssl certificates signed
>
>
> You can get single-host certificates issued for free from StartSSL, or for
> very cheaply (under $10) from low-cost prov
On Thu, Jan 3, 2013 at 12:14 AM, Damian Menscher wrote:
> Back on topic: encryption without knowing who you're talking to is worse
> than useless (hence no self-signed certs which provide a false sense of
> security), and there are usability difficulties with exposing strong
> security to the aver
On Fri, Nov 2, 2012 at 4:10 PM, Jeff Wheeler wrote:
> On Fri, Nov 2, 2012 at 11:13 AM, Eric Germann wrote:
>> I'm looking for a recommendation on a smallish 10G Ethernet switch for a
>> small virtualization/SAN implementation (4-5 hosts, 2 SAN boxes) over
>> iSCSI with some legacy boxes on GigE.