Author

Topic: SSL 1.0 broken (Read 1427 times)

newbie
Activity: 55
Merit: 0
newbie
Activity: 18
Merit: 0
September 20, 2011, 10:50:36 AM
#6
It's TLS 1.0 that's broken, not SSL 1.0 ...

Well, SSL 1.0 was broken a long time ago, never use it.


With that in mind are there any browsers about that support TSL 1.1 and/or 1.2?

Yes Opera supports it very well. But this doesnt help you with IIS being the only common used web server with at least wacky and hidden support for it. So basically on the server side coverage tends to be zero.

Of course this may change now.
hero member
Activity: 504
Merit: 500
September 20, 2011, 07:11:24 AM
#5
It's TLS 1.0 that's broken, not SSL 1.0 ...


Thank you, was wondering when someone who actually bothers to read would point that out to people. ;p

With that in mind are there any browsers about that support TSL 1.1 and/or 1.2?
legendary
Activity: 1358
Merit: 1002
September 20, 2011, 05:56:23 AM
#4
It's TLS 1.0 that's broken, not SSL 1.0 ...
legendary
Activity: 1615
Merit: 1000
September 20, 2011, 05:05:41 AM
#3
Yep, it's a man-in-the-middle from what I can tell. So if you're on a trusted net connection and careful with your browsing, your risk should be fairly low. Public wifi etc. on the other hand...
legendary
Activity: 980
Merit: 1003
I'm not just any shaman, I'm a Sha256man
September 20, 2011, 04:58:05 AM
#2
Looks like it requires some JavaScript exploitation in order for this exploit to work, none the less if your not a white-hat expert your pretty vulnerable to these kind of things
legendary
Activity: 1615
Merit: 1000
September 20, 2011, 04:54:00 AM
#1
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Researchers claim to have a found a way to decrypt SSL traffic, needing about 10 minutes to crack the encryption. The article doesn't go into much detail on what is required for the attack to work, and it's just one post on the register... Still, careful out there.
Jump to: