Re: TLS implementation test

From: Kurt Seifried (bt@seifried.org)
Date: Sat Oct 21 2006 - 02:36:29 EDT

• Next message: Tim: "Re: TLS implementation test"
• Previous message: Nico Golde: "w3bfukk0r-0.2"
• In reply to: Julien: "TLS implementation test"
• Next in thread: Tim: "Re: TLS implementation test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

> What other tests could be done ?
>
> Thanks
>
> Julien

Can an attacker force a connection to step down, can an attacker inject
data? Tools like dsniff, although old, are quite effective.

Something I wrote a looong time ago:

http://www.seifried.org/security/cryptography/20011108-end-of-ssl-ssh.html

Also is your certificate chaining/etc done securely.

-Kurt Seifried

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

• Next message: Tim: "Re: TLS implementation test"
• Previous message: Nico Golde: "w3bfukk0r-0.2"
• In reply to: Julien: "TLS implementation test"
• Next in thread: Tim: "Re: TLS implementation test"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:13 EDT