[Cryptography] Facebook on the state of STARTTLS
Stuart Longland
stuartl at longlandclan.yi.org
Sun May 25 04:06:30 EDT 2014
On Tue, 20 May 2014 20:06:41 +0200, tpb-crypto wrote:
> There are two solutions for this:
> - Monitor your own servers through remote connections trying an OpenSSL
> handshake and see which signature is shown, if it is fake you send a
> command through another channel to close the port or shutdown your
> system;
> - Use plugins like Certificate Patrol that will alert you of any
> certificate changes;
I recall last time I changed a SSL certificate over (thank-you
Heartbleed), Thunderbird made a big song and dance about the change of
SSL certificate. I haven't experimented with other clients much to know
how they react, but I do recall having to accept the new certificate in
Thunderbird.
More information about the cryptography
mailing list