[HTTPS-Everywhere] TLS Vulnerability
Colonel Graff
graffatcolmingov at gmail.com
Tue Sep 20 12:38:36 PDT 2011
Naturally ANY thing we invent will be severely flawed but given this:
http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
Is there anyway for HTTPS to warn users when it detects TLS 1.0 or SSL 2.0
being used? Preventing the use of the website isn't a good idea but
obviously transparency is the goal and you'd think that warning users that
their connection could quite possibly be intercepted and decrypted at a
later date would meet that goal.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20110920/e9ebd8e0/attachment.html>
More information about the HTTPS-everywhere
mailing list