RE: HTTP/2 and Pervasive Monitoring

>What you can do in an MITM scenario isn't really relevant to PM. It's still harder to MITM weak TLS than clear text.
>
>I think it is more worrisome having the weak ciphers in there at all, as it opens up for bad configurations and downgrade attacks of https connections.

Outside the realm of standards, the print edition of "Bulletproof SSL and TLS: Understanding and Deploying SSL/TLS and PKI to Secure Servers and Web Applications" by Ivan Ristic just shipped (as in I expect to get a copy from Amazon later today). The chapter on OpenSSL has been available for a while, and helped me with some recent issues.

Received on Friday, 15 August 2014 13:08:29 UTC