Where HTTPS Fails

4 points

13 years ago

I've read Jeff Moser's article "The First Few Seconds of an HTTPS Connection" (http://www.moserware.com/2009/06/first-few-milliseconds-of-https.html) which describes in detail the exchanges made by client and server to establish a data channel that both agree is secure.

Viewing this interaction as an instructive web security problem, where does HTTPS most often fail? Where does it seldom fail? If I wanted to act as a malicious user or host, what would I do? How might the protocol be improved?

If you know of some good resources on the subject or a better place to ask these types of questions, do tell. I'm not asking "How do I break into Amazon", I rather find the best way to learn about something is to watch it fail catastrophically.