TLS man in the middle

Sandy Harris sandyinchina at
Fri Nov 6 20:13:12 EST 2009

On 11/6/09, mheyman at <mheyman at> wrote:
> >From <>
>  and <>
>  >From what I gather, when TLS client certificates are used, an attacker
>  can post a command to a victim server and have it authenticated by a
>  legitimate client.

I'm in China and use SSL/TLS for quite a few things. Proxy connections,
Gmail set to "always use https" and so on. This is the main defense for
me and many others against the Great Firewall.

Should I be worrying about man-in-the-middle attacks from the Great
Firewall servers?

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list