Security Basics mailing list archives

Re: questions on SSL


From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Fri, 14 Nov 2008 19:00:31 +0100

On 2008-11-14 Chris Mitchell wrote:
> A new certificate would need to be issued for each domain/sub domain.

Wrong. Wildcard certificates do exist, even though they're more
expensive than "normal" ones.

> All links would also need to be hard coded to use the SSL/HTTPS.

Wrong as well. Links usually don't have the protocol hardcoded in them,
but use whatever protocol the containing page uses. Plus, web servers
can be configured to automatically redirect <http://my.example.com> to
<https://my.example.com>. This is entirely transparent to the client.

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
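
Added example, not part of the original message: a sketch of the name-matching rule most TLS clients apply to wildcard certificates (whole leftmost label only, exactly one label deep), showing which hosts a single `*.example.com` certificate does and does not cover. The function names and the sample host list are constructed for illustration.

```python
def _labels(name):
    # Normalise: drop a trailing root dot, compare case-insensitively.
    return name.rstrip(".").lower().split(".")


def cert_name_matches(pattern, hostname):
    """Return True if a certificate DNS name (possibly a wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    # Same number of labels is required: "*" stands for exactly one label.
    if len(p) != len(h) or "" in p or "" in h:
        return False
    if any("*" in label for label in h):
        return False  # a real hostname never contains "*"
    if any("*" in label for label in p[1:]):
        return False  # wildcard is only honoured in the leftmost label
    if p[0] == "*":
        # Require at least "*.domain.tld" so "*.com" never matches.
        return len(p) >= 3 and p[1:] == h[1:]
    if "*" in p[0]:
        return False  # partial wildcards such as "w*.example.com" are rejected here
    return p == h


def coverage(cert_names, hostnames):
    """Map each hostname to whether any name in the certificate covers it."""
    return {h: any(cert_name_matches(n, h) for n in cert_names) for h in hostnames}


if __name__ == "__main__":
    # Constructed sample: one wildcard certificate against several hosts.
    hosts = ["my.example.com", "www.example.com", "example.com", "a.b.example.com"]
    for host, ok in coverage(["*.example.com"], hosts).items():
        print(f"{host:20} {'covered' if ok else 'NOT covered'}")
```

A wildcard certificate therefore usually also lists the bare domain as a second name, and deeper sub-subdomains need their own name or certificate.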

