Cyber Security Expo
The easiest way to get around SSL by Roberto Larcher on 16/03/04

This paper explains how it is often possible, with the simple substitution of a string, to get around a “secure” implementation based on an incorrect use of SSL.
Please note that this document does not contain any information about weaknesses of the SSL protocol; it simply shows the easiest way to get around the correct functioning of the SSL protocol.
In this document typical “weakly secure” implementation based on the SSL protocol are illustrated.
A simple test application is also proposed to check if existing implementations are indeed “weakly secure”.

This document is in pdf format. To view it click here.

Rate this article

All images, content & text (unless other ownership applies) are © copyrighted 2000 -  , All rights reserved. Comments are property of the respective posters.