We have support for a"ServerInfo" file checked into OpenSSL. This is a file with... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		trevp on Sept 13, 2013 \| parent \| context \| favorite \| on: New NSA Leak Shows MITM Attacks Against Major Inte... We have support for a"ServerInfo" file checked into OpenSSL. This is a file with PEM blobs that can specify TACK and similar data (e.g. Certificate Transparency) that an OpenSSL server will return to clients if requested. This is a generic mechanism for TLS Extensions instead of TACK-specific, but it's what we need. It will hopefully appear in OpenSSL 1.0.2. We'll be submitting Apache patches for it shortly. Daniel Jackoway (in this thread somewhere) is working on the NSS (client-side) corollary.

newman314 on Sept 13, 2013 [–]

Any chance this is backported to 0.9.8 series? I still see a ton of installs using 0.9.x

trevp on Sept 13, 2013 | [–]

Don't think they do that with new features, but not totally sure.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact