[cryptography] anyone got a "how not to use OpenSSL" list?

Patrick Mylund Nielsen cryptography at patrickmylund.com
Wed Oct 24 19:46:31 EDT 2012


Related:

https://crypto.stanford.edu/~dabo/pubs/abstracts/ssl-client-bugs.html
http://www.cs.utexas.edu/~shmat/shmat_ccs12.pdf


On Wed, Oct 10, 2012 at 10:26 PM, <
travis+ml-rbcryptography at subspacefield.org> wrote:

> On Wed, Oct 10, 2012 at 08:56:29PM +0100, Patrick Mylund Nielsen wrote:
> > One thing that I've sadly seen more times than I can shake a stick at
> > is people leaving in aNULL/eNULL, or not including !aNULL:!eNULL in
> > their cipher suite list.
>
> I should point out, I meant from a source code and not an
> operational/environmental perspective... though all such information
> is entertaining...
> --
> http://www.subspacefield.org/~travis/
> Any sufficiently advanced magic is indistinguishable from reality.
>
> _______________________________________________
> cryptography mailing list
> cryptography at randombit.net
> http://lists.randombit.net/mailman/listinfo/cryptography
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/cryptography/attachments/20121025/197da1b8/attachment.html>


More information about the cryptography mailing list