Kudos on the research. Were you surprised that you uncovered security bugs in 1.83% of TLS implementations, detecting nearly 100 different vulnerabilities. The figure seems quite high to me, so I was wondering how it compares to previous research in this area?
-
-
-
Usually people did not evaluate padding oracles in such depth. For example Ssllabs only checks for CVE20162107 and "some" TLS-Poodle variants. We tried to create a clean evaluation which covers most of the different aspects and grouped distinct server behavior.
- Još 2 druga odgovora
Novi razgovor -
-
-
Did you check the
#golang TLS implementation? -
We did not check individual implementations. However, if you can point me to a server I can scan it for you :)
Kraj razgovora
Novi razgovor -
-
-
Code comes in August?
-
Probably in the upcoming week(s).
Kraj razgovora
Novi razgovor -
Čini se da učitavanje traje već neko vrijeme.
Twitter je možda preopterećen ili ima kratkotrajnih poteškoća u radu. Pokušajte ponovno ili potražite dodatne informacije u odjeljku Status Twittera.
