[dundee] ssl.py - WTF were these guys smoking???
Arron 'Finux' Finnon
finux at finux.co.uk
Sun Mar 6 15:00:25 UTC 2011
http://rants.smtps.net/2011/03/Unauthenticated-SSL-Sends-a-Dangerous-Message
Its slightly off topic i grant you, but after reading what i can only
call a justified rant, i'm a little taken back for words.
ssl.py seems to by default use SSL v2, and does no cert verification
whatsoever. Just blindly accept the certificate it gets.
Okay, is it me or does break shit just get easier
--
Arron "finux" Finnon
Finux.co.uk - Twitter.com/f1nux - facebook.com/finux
PGP: http://finux.co.uk/finux.asc
More information about the dundee
mailing list