[HTTPS-Everywhere] TLS Vulnerability
https-everywhere at lists.grepular.com
https-everywhere at lists.grepular.com
Tue Sep 20 13:09:06 PDT 2011
On 20/09/11 20:38, Colonel Graff wrote:
> Naturally ANY thing we invent will be severely flawed but given this:
> http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
>
> Is there anyway for HTTPS to warn users when it detects TLS 1.0 or SSL
> 2.0 being used? Preventing the use of the website isn't a good idea but
> obviously transparency is the goal and you'd think that warning users
> that their connection could quite possibly be intercepted and decrypted
> at a later date would meet that goal.
HTTPS-Everywhere is a Firefox addon. Firefox does not support TLS
versions 1.1 or 1.2 at this time. The warning you're proposing would
have to appear on literally every HTTPS site visited.
--
Mike Cardwell https://grepular.com/ https://twitter.com/mickeyc
Professional http://cardwellit.com/ http://linkedin.com/in/mikecardwell
PGP.mit.edu 0018461F/35BC AF1D 3AA2 1F84 3DC3 B0CF 70A5 F512 0018 461F
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: OpenPGP digital signature
URL: <http://lists.eff.org/pipermail/https-everywhere/attachments/20110920/cd2dd54d/attachment.sig>
More information about the HTTPS-everywhere
mailing list