Pascal Schärli
Watched a hilarious video by @tom7 deliberately implementing the worst TLS stack possible. It's also a very accessible refresher in what goes into a TLS session: https://youtu.be/M1si1y5lvkk
No one can force me to have a secure website!!!

YouTube
Apr 15 at 2:48pmMastodon for Android
Show threadPascal SchärliApr 15

Spoilers:

- Server random is always his credit card number
- RSA key has 16 prime factors instead of 2, making it easy to factor
- AES-CBC with IV set to first plaintext block, so it encrypts to 0
- Responses limited to 16 bytes, forcing max 1 block per encryption -> entire stream visible in IVs
- Session tickets = raw master secret

+ Full Heartbleed support