oss-sec mailing list archives

Lots of CVEs ahead in TLS implementations


From: Hanno Böck <hanno () hboeck de>
Date: Fri, 4 Apr 2014 10:07:58 +0200

Hi,

There is a pretty interesting new research paper that tries to find all
kinds of vulnerabilities in TLS implementations regarding certificate
validation:
https://www.cs.utexas.edu/~shmat/shmat_oak14.pdf

They found a whole bunch of issues in various open source ssl
implementations.

Maybe we can start some collaborative effort to dig through them and
assign CVEs. Some seem to have already been handled, e.g. one of the
most severe issues found is CVE-2014-1959 in gnutls (already fixed
upstream). However, others seem unhandled.

Besides: It's well worth reading the paper if you're into that stuff.

cu,
-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno () hboeck de
GPG: BBB51E42
