[cryptography] anyone got a "how not to use OpenSSL" list?

Patrick Mylund Nielsen cryptography at patrickmylund.com
Wed Oct 10 15:56:29 EDT 2012


One thing that I've sadly seen more times than I can shake a stick at
is people leaving in aNULL/eNULL, or not including !aNULL:!eNULL in
their cipher suite list.

On Wed, Oct 10, 2012 at 6:34 PM,
<travis+ml-rbcryptography at subspacefield.org> wrote:
> I want to find common improper usages of OpenSSL library for SSL/TLS.
>
> Can be reverse-engineered from a "how to properly use OpenSSL" FAQ,
> probably, but would prefer information to the first point rather than
> its complement.
> --
> http://www.subspacefield.org/~travis/
> Any sufficiently advanced magic is indistinguishable from reality.
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>



More information about the cryptography mailing list