Some things that come to mind, not all of which are actually attacks:

- Low-Exponent DH surveys, with followup and investigation to try and determine what software is used and supports/doesn't support it. (See also http://permalink.gmane.org/gmane.comp.encryption.general/16172 )
- Open Source Protocol Incompatibility survey tool (or extend sslyze) to test for servers that don't support parts of TLS, e.g. client Hello > 255, >512, TLS 1.1+, Extensions, etc
- Timing and Cache Attacks (and the resulting constant-time fixes) for AES-GCM implementations
- "Unsafe Defaults: A Survey of SSL Implementations, and Default Options That Are Just Wrong" - stuff like how openssl defaults to 1024 bits, I believe it uses insecure ciphers by default, etc
-tom
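The ClientHello-size survey idea above (servers that choke on a ClientHello longer than 255 or 512 bytes) comes down to building a hello whose handshake length you can set precisely and then recording how the server answers. The following is an added example, not code from the post or from sslyze: it assembles a minimal TLS 1.2 ClientHello, uses the padding extension (type 21, RFC 7685) to push the handshake body to a chosen minimum length, and classifies a raw server response as a ServerHello, an alert, or nothing. The cipher suite list, the fixed all-zero random, and the `probe()` helper's host/port/timeout are assumptions chosen for the example; an operator would run `probe()` only against hosts they administer, as an interoperability check of their own deployment.

```python
"""Measure ClientHello-length tolerance of a TLS server (added example)."""
import socket
import struct

# Assumed cipher suite list: common TLS 1.2 ECDHE/RSA suites (IANA values).
CIPHER_SUITES = [0xC02F, 0xC030, 0xC02B, 0xC02C, 0x009C, 0x009D, 0x002F, 0x0035]

# TLS extension type numbers (IANA registry).
EXT_SERVER_NAME = 0
EXT_SUPPORTED_GROUPS = 10
EXT_EC_POINT_FORMATS = 11
EXT_SIGNATURE_ALGORITHMS = 13
EXT_PADDING = 21


def _ext(ext_type, data):
    """Encode one extension: 2-byte type, 2-byte length, body."""
    return struct.pack("!HH", ext_type, len(data)) + data


def build_client_hello(min_handshake_len=0, sni=None):
    """Return a complete TLS record carrying a ClientHello.

    min_handshake_len is the minimum value for the 3-byte Handshake length
    field (the ClientHello body). If the natural body is shorter, a padding
    extension of zero bytes is appended so the body reaches at least that size.
    """
    body = b"\x03\x03"            # client_version = TLS 1.2
    body += b"\x00" * 32          # constructed fixed random; use os.urandom(32) in a real tool
    body += b"\x00"               # empty session_id
    suites = b"".join(struct.pack("!H", s) for s in CIPHER_SUITES)
    body += struct.pack("!H", len(suites)) + suites
    body += b"\x01\x00"           # one compression method: null

    exts = b""
    if sni is not None:
        name = sni.encode("ascii")
        # ServerNameList: 2-byte list length, then type=0 (host_name), 2-byte name length, name.
        entry = b"\x00" + struct.pack("!H", len(name)) + name
        exts += _ext(EXT_SERVER_NAME, struct.pack("!H", len(entry)) + entry)
    groups = b"".join(struct.pack("!H", g) for g in (23, 24, 25))  # secp256r1/384r1/521r1
    exts += _ext(EXT_SUPPORTED_GROUPS, struct.pack("!H", len(groups)) + groups)
    exts += _ext(EXT_EC_POINT_FORMATS, b"\x01\x00")                # uncompressed only
    sigalgs = bytes([4, 1, 5, 1, 6, 1, 4, 3, 5, 3, 6, 3])           # sha256/384/512 with rsa, ecdsa
    exts += _ext(EXT_SIGNATURE_ALGORITHMS, struct.pack("!H", len(sigalgs)) + sigalgs)

    # Body length so far plus the 2-byte extensions-length field that follows.
    natural_len = len(body) + 2 + len(exts)
    shortfall = min_handshake_len - natural_len
    if shortfall > 0:
        # The padding extension itself costs 4 header bytes; body is zeros.
        exts += _ext(EXT_PADDING, b"\x00" * max(0, shortfall - 4))

    body += struct.pack("!H", len(exts)) + exts
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body      # HandshakeType client_hello(1)
    # Record layer: ContentType handshake(22), legacy version 3.1, 2-byte length.
    return b"\x16\x03\x01" + struct.pack("!H", len(handshake)) + handshake


def handshake_length(record):
    """Read back the 3-byte Handshake length field from a ClientHello record."""
    return int.from_bytes(record[6:9], "big")


def classify_response(data):
    """Label the first bytes a server sent back after our ClientHello."""
    if not data:
        return "no-response"
    if len(data) < 5:
        return "truncated"
    content_type = data[0]
    if content_type == 0x16 and len(data) > 5 and data[5] == 0x02:
        return "server-hello"
    if content_type == 0x15 and len(data) >= 7:
        return "alert level=%d desc=%d" % (data[5], data[6])
    return "other"


def probe(host, port=443, min_handshake_len=0, timeout=5.0):
    """Send one ClientHello of the requested size to a host you operate and classify the reply."""
    hello = build_client_hello(min_handshake_len=min_handshake_len, sni=host)
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(hello)
        try:
            reply = sock.recv(4096)
        except socket.timeout:
            reply = b""
    return handshake_length(hello), classify_response(reply)


if __name__ == "__main__":
    # Survey a single host at the boundaries the post mentions (<256, 256..511, >=512).
    import sys
    target = sys.argv[1] if len(sys.argv) > 1 else "localhost"
    for size in (0, 300, 512):
        print(size, probe(target, min_handshake_len=size))
```

Comparing the classification across the three sizes for one host is the whole survey: a server that answers `server-hello` for the small hello but `no-response` for the 300-byte one is exhibiting exactly the 256..511 intolerance the post is asking about.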
