1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

SSL flaw forces Mozilla to pull Opportunistic Encryption

Discussion in 'CSO' started by RSS, Apr 7, 2015.

  1. RSS

    RSS New Member Member

    Less than a week after it was introduced in Firefox 37, Opportunistic Encryption (OE) has been removed by Mozilla due to a flaw that was discovered in their HTTP Alternative Services implementation.

    OE offered unauthenticated encryption over TLS, boosting the level of security for data that would've otherwise been transmitted via clear text. Thus the feature, wrote Patrick McManus, a network developer for Mozilla, created some level of confidentiality in the face of passive eavesdropping.

    Security experts were pleased by OE, commenting that Firefox had taken a step in the right direction, removing almost all barriers to encrypting Web traffic.

    To read this article in full or to leave a comment, please click here

    Continue reading...

Share This Page