PHP, Python still fail to spot revoked TLS certificates

By | 2:15 AM Leave a Comment
In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: badly designed APIs of SSL implementations and data-transport libraries. Four years later, Sucuri Security researchers wanted to check what’s the current situation, and discovered that there have been some improvements, but that PHP, Python and Google Go still fail to check if a TLS certificate has been revoked. … More
from Help Net Security http://ift.tt/1pPWDwF

0 comments:

Post a Comment