Thursday, June 10, 2010

Juniper SSL VPN - SSL cipher suites

Juniper's SSL VPN continues to baffle me by doing inexplicably weird things. For example, you can tell it not to use weak ciphers, which is good. But it doesn't actually shut them off. It continues to let you negotiate an SSL session with weak ciphers, but then the SSL VPN itself gives you an error message: "This site requires Strong ciphers. Please upgrade your browser."

Ok, so maybe that's kind of user friendly, but I wouldn't be surprised if it was exploitable as well.

Saturday, June 5, 2010

Like A Boss

I will be talking about JBoss fail at DEFCON 18. Hope to see you there!