However, there are plenty of other reasons to consider it insecure. If security and safety are only worthwhile if there’s profit involved, well… Isn’t SSL/TLS Secure?ĭon’t let this article give you the impression it’s not as you’ll see from the next section, there’s a good deal of requirements that must be met. Conflict of interest perhaps – if so, that’s sad and perhaps a comment on our culture. If they can all contribute time, money and resources to ODL, why the heck can’t our favourite and/or trusted companies, vendors and ‘partners’ support the security realm a bit more too.
That, or they rely on other tools that don’t. seems to rely on far too many tools and packages the authors of which simply don’t have the resources to maintain to a high standard. Another free tool, another simple error waiting in the wings to cough bleed you dry? Not in the same league but really, security and it’s analysis etc. +1 To the authors and the architecture of tools like this (including the original author, Eric Rescorla who has contributed to a significant number of RFCs (the last in 2013) but who also unfortunately played a part in Dual EC DRBG). You might note that ssldump hasn’t been updated in a major way for over a decade (but has been ‘patched’ as late as 2013) not a problem, it still works a treat.
This tool ‘saved the day’ I can tell you. I’ve had cause to use this tool recently where writing a tcpdump to file and using Wireshark simply hasn’t been possible/permitted. Aside from the obvious advantages, immediacy and efficiency of a CLI tool, ssldump also provides some very useful, nicely parsed data around the SSL/TLS connection itself too. This is a straight copy of my popular Using Wireshark to Decode/Decrypt SSL/TLS Packets post, only using ssldump to decode/decrypt SSL/TLS packets at the CLI instead of Wireshark. Who needs the Wireshark GUI right let’s do this at the command line and be grown up about things.
0 kommentar(er)
