[Date Prev][Date Next] [Chronological] [Thread] [Top]

Is TLS broken?

I understand that TLS is composed of two parts the Record Protocol and the Handshake Protocol.

My experience so far leads me to believe that the Handshake Protocol is not implemented. You can put any certificate in and there's no verification at the other end. Have I missed something?

This is important, because it would then be possible to recover the username/password that a replicating server was using (for example).

Are there any alternatives to this? Currently, using SSL wrappers (like sslwrap) or ssh seems to be the correct solution.