Google using Expired Cert and SSLv2 (转载)

[185990] 主题： Google using Expired Cert and SSLv2 (转载)

	作者： tshxp. (tshxp.)
	标题： Google using Expired Cert and SSLv2 (转载)[转载]
	来自： 202.194..
	发贴时间： 2004年04月07日 20:07:45
	长度： 1404字

	发信人：tshxp@smth.org (I'll be back)，信区：cn.bbs.comp.securit y 标题：Google using Expired Cert and SSLv2 (转载) 发信站：BBS 水木清华站转信站：LeafOK!netnews.sdu.edu.cn!maily.cic.tsinghua.edu.cn!SMTH 【以下文字转载自 BugTraqML 讨论区】发信人: mhamrick@cryptonomicon.net ("Matthew S. Hamrick&quo t;), 信区: BugTraqML 标题: Google using Expired Cert and SSLv2 发信站: NCTU CSIE FreeBSD Server (Thu Apr 1 08:21:07 2004) 转信站: SMTH!maily.cic.tsinghua.edu.cn!sjc70.webusenet.com!news. usenetserver.co 出处: freebsd.csie.nctu.edu.tw http://www.cryptonomicon.net/modules.php?name=News&file=arti cle&sid=729 Don't know how apropos it is to bugtraq, but I suppose it's rele vant to the web application security community. It's fairly well known amongst p eople who use SSL to secure portions of their web application that SSL version 2 is "bad." It's so bad that a bunch of really smart people went out and cre ated SSL version 3. So I was pretty surprised today when I noticed that https://w ww.google.com/ is using an expired certificate and SSLv2. Guess the moral of the story is: "even the big guys can get it wrong." /etc Matt H. -- One Ringtone to rule them all, one Carrier to find them, One Phone to bring them all and to the Service Contract bind the m. ------------------------------------------------- This mail sent through IMP: http://horde.org/imp/
	========== * * * * * ==========