Penetration Testing mailing list archives

Re: TLS implementation test

From: "Kurt Seifried" <bt () seifried org>
Date: Sat, 21 Oct 2006 00:36:29 -0600

What other tests could be done ?

Thanks

Julien

Can an attacker force a connection to step down, can an attacker injectdata? Tools like dsniff, although old, are quite effective.


Something I wrote a looong time ago:

http://www.seifried.org/security/cryptography/20011108-end-of-ssl-ssh.html

Also is your certificate chaining/etc done securely.

-Kurt Seifried




------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.
http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------

Current thread:

TLS implementation test Julien (Oct 20)
- Re: TLS implementation test Kurt Seifried (Oct 21)
- Re: TLS implementation test Tim (Oct 21)
  - Re: TLS implementation test Julien (Oct 21)
  - Re: TLS implementation test Julien (Oct 24)
- Re: TLS implementation test Ariel Waissbein (Oct 24)