Browse by Tags

All Tags » SSL Tutorial (RSS)
Wed, Nov 18 2009 21:02

My take on the SSL MITM Attacks – part 3 – the FTPS attacks

[Note - for previous parts in this series, see Part 1 and Part 2 .] FTP, and FTP over SSL, are my specialist subject, having written one of the first FTP servers for Windows to support FTP over SSL (and the first standalone FTP server for Windows!) Rescorla...
Posted by Alun Jones | with no comments
Filed under: , , , ,
Wed, Nov 11 2009 21:20

My take on the SSL MitM Attacks – part 2 – clarifications

Since the last post I made on the topic of SSL renegotiation attacks , I’ve had a few questions in email. Let’s see how well I can answer them: Q. Some stories talk about SSL, others about TLS, what’s the difference? A. For trademark reasons, when SSL...
Posted by Alun Jones | 1 comment(s)
Filed under: , ,
Mon, Nov 9 2009 20:26

My take on the SSL MITM Attacks – part 1 – the HTTPS attack

If you’re in the security world, you’ve probably heard a lot lately about new and deadly flaws in the SSL and TLS protocols – so-called “Man in the Middle” attacks (aka MITM). These aren’t the same as old-style MITM attacks , which relied on the attacker...
Posted by Alun Jones | 3 comment(s)
Filed under: , ,
Fri, Jan 26 2007 21:14

SSL development gotchas.

There are two behaviours in SSL that seem to catch out a number of people. The first is the use of close_notify . close_notify is an operation in SSL that terminates the SSL session, providing a definite end to the stream that is being protected. As it...
Posted by Alun Jones | 1 comment(s)
Filed under: