The most dangerous code: Validating SSL certs in non-browser software (2012) [pdf] 3 days ago (cs.cornell.edu) 2 comments ripe Reply Add to library philipwhiuk 3 days ago [2012]The situation has improved somewhat, although some of the underlying libraries have changed little so it's still easy to write insecure TLS.cURL's API was improved in 7.66.0 for example: https://github.com/curl/curl/pull/4241But the Java APIs are likely little changed. samarthr1 2 hours ago And, the worst part is that because it is an "application" issue, it is possible that it is going to a "gift that keeps on giving" for a long time.And the worst part is that most (indian) banks have been using only android/ios for "security" for some time now.
philipwhiuk 3 days ago [2012]The situation has improved somewhat, although some of the underlying libraries have changed little so it's still easy to write insecure TLS.cURL's API was improved in 7.66.0 for example: https://github.com/curl/curl/pull/4241But the Java APIs are likely little changed. samarthr1 2 hours ago And, the worst part is that because it is an "application" issue, it is possible that it is going to a "gift that keeps on giving" for a long time.And the worst part is that most (indian) banks have been using only android/ios for "security" for some time now.
samarthr1 2 hours ago And, the worst part is that because it is an "application" issue, it is possible that it is going to a "gift that keeps on giving" for a long time.And the worst part is that most (indian) banks have been using only android/ios for "security" for some time now.
[2012]
The situation has improved somewhat, although some of the underlying libraries have changed little so it's still easy to write insecure TLS.
cURL's API was improved in 7.66.0 for example: https://github.com/curl/curl/pull/4241
But the Java APIs are likely little changed.
And, the worst part is that because it is an "application" issue, it is possible that it is going to a "gift that keeps on giving" for a long time.
And the worst part is that most (indian) banks have been using only android/ios for "security" for some time now.