
The most dangerous code in the world - validating SSL certificates (2012)

src - https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html

Valid PHP (certificate chain and hostname verification both enabled):

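// Verify the server's certificate chain against the trusted CA store.
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYPEER, 1);   // https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYPEER.html
// 2 = the name in the certificate must match the host being requested.
curl_setopt($curlHandle, CURLOPT_SSL_VERIFYHOST, 2);   // https://curl.haxx.se/libcurl/c/CURLOPT_SSL_VERIFYHOST.html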

JSSE (Java Secure Socket Extension): SSLSocketFactory silently skips hostname verification if the algorithm field in the SSL client is NULL or an empty string rather than HTTPS.
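The JSSE case above, as an added example (not code from the original post or the linked paper): it checks whether a socket's endpoint identification algorithm is unset and sets it to HTTPS before the handshake. The class and method names are hypothetical; the `javax.net.ssl` calls are standard JDK API.

```java
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocket;
import javax.net.ssl.SSLSocketFactory;
import java.io.IOException;

public class HostnameCheckedSocket {   // hypothetical class name

    // True only when JSSE will compare the certificate's names with the host.
    // A null or empty algorithm is the silent "skip" case described above.
    static boolean verifiesHostname(SSLSocket socket) {
        String alg = socket.getSSLParameters().getEndpointIdentificationAlgorithm();
        return alg != null && !alg.isEmpty();
    }

    // Turn on HTTPS-style hostname matching for this socket.
    static void enableHostnameCheck(SSLSocket socket) {
        SSLParameters params = socket.getSSLParameters();
        params.setEndpointIdentificationAlgorithm("HTTPS");
        socket.setSSLParameters(params);
    }

    // Connect, enable the check before the handshake, then handshake.
    static SSLSocket connect(String host, int port) throws IOException {
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        SSLSocket socket = (SSLSocket) factory.createSocket(host, port);
        try {
            enableHostnameCheck(socket);
            socket.startHandshake();   // fails with SSLHandshakeException on a name mismatch
            return socket;
        } catch (IOException e) {
            socket.close();
            throw e;
        }
    }

    public static void main(String[] args) throws IOException {
        // Offline part: inspect an unconnected socket from the default factory.
        SSLSocketFactory factory = (SSLSocketFactory) SSLSocketFactory.getDefault();
        try (SSLSocket probe = (SSLSocket) factory.createSocket()) {
            System.out.println("default verifies hostname: " + verifiesHostname(probe));
            enableHostnameCheck(probe);
            System.out.println("after fix verifies hostname: " + verifiesHostname(probe));
        }
        // Online part: only runs when a host is passed on the command line.
        if (args.length > 0) {
            try (SSLSocket s = connect(args[0], 443)) {
                System.out.println("peer: " + s.getSession().getPeerPrincipal());
            }
        }
    }
}
```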

origin - https://www.pipiscrew.com/?p=15268

This post is licensed under CC BY 4.0 by the author.