Security News > 2016 > April > PHP, Python still fail to spot revoked TLS certificates (Help Net Security)

In 2012, a group of researchers demonstrated that SSL certificate validation is broken in many applications and libraries, and pointed out the root causes for that situation: badly designed APIs of SSL implementations and data-transport libraries. Four years later, Sucuri Security researchers wanted to check what’s the current situation, and discovered that there have been some improvements, but that PHP, Python and Google Go still fail to check if a TLS certificate has been revoked. … More →

News URL

http://feedproxy.google.com/~r/HelpNetSecurity/~3/qyCiV38SU04/