This paper explains how it is often possible, with the simple substitution
of a string, to get around a “secure” implementation based on an
incorrect use of SSL.
Please note that this document does not contain any information about weaknesses
of the SSL protocol; it simply shows the easiest way to get around the correct
functioning of the SSL protocol.
In this document typical “weakly secure” implementation based on
the SSL protocol are illustrated.
A simple test application is also proposed to check if existing implementations
are indeed “weakly secure”.
This document is in pdf format. To
view it click here.