Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-25 Thread Aaron Grattafiori
While more proper uses of OpenSSL vs improper, participants of the discussion might enjoy the following whitepaper and tool release by iSEC Partners and an academic look at popular non-browser SSL failures (bottom):

Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-24 Thread Patrick Mylund Nielsen
Related: https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf On Wed, Oct 10, 2012 at 10:26 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: On Wed, Oct 10, 2012 at 08:56:29PM +0100, Patrick Mylund Nielsen wrote: One

Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-24 Thread Jeffrey Walton
On Wed, Oct 10, 2012 at 1:34 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its

Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-16 Thread Florian Weimer
* Ryan Sleevi: Here's a quick list off the top of my head from having poked around various languages' bindings (Python, Perl, PHP, etc), from having seen various rebranded OpenSSL-using products, and from various I just want to do HTTPS Here's another one I came across: do not use the

Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-13 Thread Peter Gutmann
Patrick Mylund Nielsen cryptogra...@patrickmylund.com writes: Guess what his optimization was. Yup, he tried every combination of things in SSLCipherSuite and simply chose the one with the least CPU... I've run into similar things, I've had (potential) users of my software reject it because it

[cryptography] anyone got a how not to use OpenSSL list?

2012-10-10 Thread travis+ml-rbcryptography
I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its complement. -- http://www.subspacefield.org/~travis/ Any sufficiently advanced magic

Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-10 Thread Ben Laurie
On Wed, Oct 10, 2012 at 6:34 PM, travis+ml-rbcryptogra...@subspacefield.org wrote: I want to find common improper usages of OpenSSL library for SSL/TLS. Can be reverse-engineered from a how to properly use OpenSSL FAQ, probably, but would prefer information to the first point rather than its

Re: [cryptography] anyone got a how not to use OpenSSL list?

2012-10-10 Thread Patrick Mylund Nielsen
Hah. I'm surprised the term security theater wasn't coined earlier! On Wed, Oct 10, 2012 at 9:29 PM, Warren Kumari war...@kumari.net wrote: On Oct 10, 2012, at 3:56 PM, Patrick Mylund Nielsen cryptogra...@patrickmylund.com wrote: One thing that I've sadly seen more times than I can shake a