发信人：tshxp@smth.org (I'll be back)，信区：cn.bbs.comp.security
标  题：Google using Expired Cert and SSLv2 (转载)
发信站：BBS 水木清华站
转信站：LeafOK!netnews.sdu.edu.cn!maily.cic.tsinghua.edu.cn!SMTH

【 以下文字转载自 BugTraqML 讨论区 】
发信人: mhamrick@cryptonomicon.net ("Matthew S. Hamrick"), 信区: BugTraqML
标  题: Google using Expired Cert and SSLv2
发信站: NCTU CSIE FreeBSD Server (Thu Apr  1 08:21:07 2004)
转信站: SMTH!maily.cic.tsinghua.edu.cn!sjc70.webusenet.com!news.usenetserver.co
出  处: freebsd.csie.nctu.edu.tw

http://www.cryptonomicon.net/modules.php?name=News&file=article&sid=729

Don't know how apropos it is to bugtraq, but I suppose it's relevant to the web
application security community. It's fairly well known amongst people who use
SSL to secure portions of their web application that SSL version 2 is "bad."
It's so bad that a bunch of really smart people went out and created SSL version
3. So I was pretty surprised today when I noticed that https://www.google.com/
is using an expired certificate and SSLv2.

Guess the moral of the story is: "even the big guys can get it wrong."

/etc
Matt H.

-- 
One Ringtone to rule them all, one Carrier to find them,
One Phone to bring them all and to the Service Contract bind them.

-------------------------------------------------
This mail sent through IMP: http://horde.org/imp/