Hacker News new | past | comments | ask | show | jobs | submit login

Adam Langley at Google has a good technical description here: https://www.imperialviolet.org/2014/06/05/earlyccs.html

Specifically,

    With any OpenSSL client talking to an OpenSSL 1.0.1 
    server, an attacker can inject CCS messages to fixate the 
    bad keys at both ends but the Finished hashes will still 
    line up. So it's possible for the attacker to decrypt    
    and/or hijack the connection completely.



Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: