Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror

Submission + - PHP, Python and Google Go Fail to Detect Revoked TLS Certificates (softpedia.com)

An anonymous reader writes: Four years after the release of a groundbreaking study on the state of SSL/TLS certificates in non-browser applications (APIs more exactly), some programming languages fail to provide developers with the appropriate tools to validate certificates. Using three simple test scripts that connected to a list of known vulnerable HTTPS servers, researchers logged their results to see which programming languages detected any problems. According to the results, all tested programming languages (PHP, Python, Go), in various configurations failed to detect HTTPS connections that used revoked SSL/TLS certificates. This is a problem for HTTPS-protected APIs, since users aren't visually warned like in browsers, that they're on an insecure connection.
This discussion was created for logged-in users only, but now has been archived. No new comments can be posted.

PHP, Python and Google Go Fail to Detect Revoked TLS Certificates

Comments Filter:

Research is what I'm doing when I don't know what I'm doing. -- Wernher von Braun

Working...