[Ach] +SSLv3 vs. !SSLv3 in SSLProtocol vs. SSLCipherSuite

Aaron Zauner azet at azet.org
Fri Oct 17 15:17:15 CEST 2014


Hi Martin,

* Martin Paljak <martin at martinpaljak.net> [141017 15:12]:
> On Fri, Oct 17, 2014 at 3:41 PM, L. Aaron Kaplan <kaplan at cert.at> wrote:
> > On a similar note: who of you will be at hack.lu 2014?
> 
> 
> And who will be at FOSDEM?
> 
> https://github.com/security-devroom/fosdem-2015#security-devroom--fosdem15

I'll be at FOSDEM as usual. Last year I saw the submission for the
Security Devroom far after CFP closed, unfortunately. We already
have an internal discussion going whether or not we should submit
bettercrypto related talk(s) to your Devroom. Are you interested in
one? Another good addition would be a talk on secure TLS coding
practices for FOSS Devs (how to properly interface to OpenSSL,
GnuTLS, crypto primitives, common pitfalls et cetera - I've seen a
lot of bad code from people that just cannot handle the OpenSSL API
- also in dynamic languages; Ruby people still widely turn off
  certificate verification in RoR apps, Python 2.6, 2.7 had the same
problem).

Aaron
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 801 bytes
Desc: Digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20141017/84ae969b/attachment.sig>


More information about the Ach mailing list