| 1 |
Thomas Kahle schrieb: |
| 2 |
> On 30/03/15 10:57, Andrew Savchenko wrote: |
| 3 |
>> And using https for that will create a |
| 4 |
>> tremendous stress on mirror's CPUs, so this is a bad approach. |
| 5 |
>> Not to mention that https itself is very hapless protocol with tons |
| 6 |
>> of vulnerabilities (all SSL versions are affected and most TLS |
| 7 |
>> implementations). |
| 8 |
> This is spreading FUD. |
| 9 |
> |
| 10 |
|
| 11 |
As far as I know this is correct. |
| 12 |
All SSL protocol versions including v3 have known vulnerabilities. |
| 13 |
In addition, a number implementations of TLS 1.0 and 1.1 have been found |
| 14 |
susceptible to the Poodle and/or FREAK attacks. |
| 15 |
|
| 16 |
That the https protocol is hapless is maybe a pessimistic view on the |
| 17 |
situation. But if all were fine, why some organizations think they need |
| 18 |
certificate pinning again? |
| 19 |
|
| 20 |
|
| 21 |
Best regards, |
| 22 |
Chí-Thanh Christopher Nguyễn |
Archives