Forums Community SSL vulnerabilities – WikiLeaks Reply To: SSL vulnerabilities – WikiLeaks

#5748 Reply


Again, thank you for your reply.

SSL can be logged by somebody in a privileged position: AV scanners, corporate firewalls, Superfish-style vulnerabilities to name but a few.

SSL on its own isn’t used to protect world secrets; it’s used in conjunction with other protocols – normally E2E encryption in addition to SSL.

I’m not advocating you roll your own encryption; that’s a terrible idea even for an experienced cryptographer. I am suggesting that you consider an additional, peer-reviewed protocol like PAKE, in addition to SSL.

Regarding this site, take a look at your Qualys report. The site scores an F – the lowest possible. A+ is the best possible mark.