Fastream Technologies wrote: > Hello, > > Glad that it interested you..! Anyway, I wonder if ICS TSslHttpCli > uses EV SSL certs and whether it is vulnerable.
Never heard of EV certificates. As I read the article it's some kind of "man in the middle" attack downgrading a secure to a plain text connection and spoofing some security indicators like the yellow lock icon in browsers. Detecting "man in the middle" attacks is possible with ICS-SSL however not a built-in feature. The application developer is responsible to handle this properly. Method PostConnectionCheck() provides easy detection of such attacks, have look at the HTTP client demo. -- Arno Garrels -- To unsubscribe or change your settings for TWSocket mailing list please goto http://lists.elists.org/cgi-bin/mailman/listinfo/twsocket Visit our website at http://www.overbyte.be
