[HTTPS-Everywhere] TLS Vulnerability
Peter Eckersley
pde at eff.org
Tue Sep 20 14:10:45 PDT 2011
Until Firefox supports TLS 1.1 or 1.2, I'm afraid this warning is
applicable to all HTTPS visited :(
https://bugzilla.mozilla.org/show_bug.cgi?id=565047
https://bugzilla.mozilla.org/show_bug.cgi?id=565047
On Tue, Sep 20, 2011 at 03:38:36PM -0400, Colonel Graff wrote:
> Naturally ANY thing we invent will be severely flawed but given this:
> http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
>
> Is there anyway for HTTPS to warn users when it detects TLS 1.0 or SSL 2.0
> being used? Preventing the use of the website isn't a good idea but
> obviously transparency is the goal and you'd think that warning users that
> their connection could quite possibly be intercepted and decrypted at a
> later date would meet that goal.
> _______________________________________________
> HTTPS-everywhere mailing list
> HTTPS-everywhere at mail1.eff.org
> https://mail1.eff.org/mailman/listinfo/https-everywhere
--
Peter Eckersley pde at eff.org
Technology Projects Director Tel +1 415 436 9333 x131
Electronic Frontier Foundation Fax +1 415 436 9993
More information about the HTTPS-everywhere
mailing list