Thomas Kahle wrote:
> On 30/03/15 10:57, Andrew Savchenko wrote:
>> And using https for that will create a
>> tremendous stress on mirror's CPUs, so this is a bad approach.
>> Not to mention that https itself is a very hapless protocol with tons
>> of vulnerabilities (all SSL versions are affected and most TLS
>> implementations).
> This is spreading FUD.
>
|
As far as I know this is correct.
All SSL protocol versions including v3 have known vulnerabilities.
In addition, a number of implementations of TLS 1.0 and 1.1 have been found
susceptible to the Poodle and/or FREAK attacks.
|
That the https protocol is hapless is maybe a pessimistic view on the
situation. But if all were fine, why do some organizations think they need
certificate pinning again?
|
Best regards,
Chí-Thanh Christopher Nguyễn