On 10:18 pm, janssen at parc.com wrote:
>Guido,
>
>I'm working from <http://extendedsubset.com/Renegotiating_TLS.pdf>.
>
>I believe geremy is right. The current SSL module does not expose much
>of the SSL API, so servers implemented in Python, using it, should
>(fortuitously) be immune to some of the attacks outlined, simply
>because there's no way to do an application-initiated renegotiation,
>which the first two scenarios presuppose. On the other hand, there's no
>way to do application-directed session resumption, either, which might
>be a good add to support new or updated application protocols which
>address this problem.

Also, for Python 2.5 and earlier, any SSL-based code is vulnerable to a MitM anyway, so this can only be an issue for code using the new APIs in Python 2.6.

Jean-Paul