Someone should set up a bet about what point in time more than 50% of MITM attempts with revoked (& Heartbleed-snarfed) certs will be caught by default configured browsers. "Never?"
This and lack of PFS are much bigger catastrophes than the OpenSSL debacle in itself.
(PFS: supported by TLS but disabled by almost everyone so all your old traffic is decryptable with heartbled cert).
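The comment's point is that forward secrecy is a configuration choice: with a static RSA key exchange, recorded traffic becomes readable the moment the server's private key leaks, whereas ephemeral (EC)DH suites leave old sessions unaffected. The following added example (mine, not the commenter's) uses Python's standard `ssl` module to classify the suites a server context would offer and to build a context that only permits forward-secret key exchange; the `kea` labels it matches are the ones CPython reports from OpenSSL.

```python
import ssl

# Key-exchange labels that ssl.SSLContext.get_ciphers() reports in its "kea" field.
# "kx-any" is what TLS 1.3 suites report: every TLS 1.3 handshake is ephemeral.
FORWARD_SECRET_KX = {"kx-ecdhe", "kx-dhe", "kx-ecdhe-psk", "kx-dhe-psk", "kx-any"}


def is_forward_secret(cipher: dict) -> bool:
    """True if the suite derives session keys from an ephemeral (EC)DH exchange.

    A static RSA key exchange ("kx-rsa") encrypts the premaster secret to the
    server's long-term key, so anyone who later obtains that key can decrypt
    every recorded session. Ephemeral exchanges throw the per-session secret away.
    """
    return cipher.get("kea") in FORWARD_SECRET_KX


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Split the suites a context would negotiate into forward-secret and static-key groups."""
    forward_secret, static_kx = [], []
    for cipher in ctx.get_ciphers():
        (forward_secret if is_forward_secret(cipher) else static_kx).append(cipher["name"])
    return {"forward_secret": forward_secret, "static_kx": static_kx}


def hardened_context() -> ssl.SSLContext:
    """Server context that refuses any suite without an ephemeral key exchange."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    # Only ECDHE/DHE key exchange; a leaked private key then exposes no past traffic.
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20:DHE+AESGCM:!aNULL:!MD5")
    return ctx


if __name__ == "__main__":
    report = audit_context(hardened_context())
    print("forward-secret suites:", len(report["forward_secret"]))
    print("static-key suites    :", report["static_kx"])  # expected: []
```

Run the audit against `ssl.create_default_context()` or a context built from your own server settings to see which suites would still allow retroactive decryption after a key compromise.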