Security Basics mailing list archives
Re: questions on SSL
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Fri, 14 Nov 2008 19:00:31 +0100
On 2008-11-14 Chris Mitchell wrote:
A new certificate would need to be issued for each domain/sub domain.
Wrong. Wildcard certificates do exist, even though they're more expensive than "normal" ones.
All links would also need to be hard coded to use the SSL/HTTPS.
Wrong as well. Links usually don't have the protocol hardcoded in them, but use whatever protocol the containing page uses. Plus, web servers can be configured to automatically redirect <http://my.example.com> to <https://my.example.com>. This is entirely transparent to the client. Regards Ansgar Wiechers -- "All vulnerabilities deserve a public fear period prior to patches becoming available." --Jason Coombs on Bugtraq
Current thread:
- questions on SSL s0h0us (Nov 14)
- Re: questions on SSL judd . obannon (Nov 14)
- Re: questions on SSL Andre Pawlowski (Nov 14)
- RE: questions on SSL Chris Mitchell (Nov 14)
- Re: questions on SSL Ansgar Wiechers (Nov 14)
- Re: questions on SSL Ansgar Wiechers (Nov 14)
- RE: questions on SSL David Gillett (Nov 14)