The most dangerous code in the world - validating SSL certificates (2012)

Posted Aug 24, 2019 2019-08-24T00:00:00+08:00 by PipisCrew

src - https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html

valid PHP

curl_setopt($curlHandle, CURLOPT_SSL_VERIFYPEER, 1);   //https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYHOST, 2);   //https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html

JSSE (Java Secure Socket Extension) - SSLSocketFactory silently skips hostname veriﬁcation if the algorithm ﬁeld in the SSL client is NULL or an empty string rather than HTTPS. (ref / fix)

origin - https://www.pipiscrew.com/?p=15268 the-most-dangerous-code-in-the-world-validating-ssl-certificates-2012

news

This post is licensed under CC BY 4.0 by the author.

The most dangerous code in the world - validating SSL certificates (2012)

Further Reading

Snapchat reportedly paid over $250 million for an app that lets you track your friends

WannaCry reportedly hitting speed cameras in Victoria

o7zip or RAR your project files and folders!

Trending Tags