mailing list archives
Re: questions on SSL
From: Ansgar Wiechers <bugtraq () planetcobalt net>
Date: Fri, 14 Nov 2008 19:00:31 +0100
On 2008-11-14 Chris Mitchell wrote:
A new certificate would need to be issued for each domain/sub domain.
Wrong. Wildcard certificates do exist, even though they're more
expensive than "normal" ones.
All links would also need to be hard coded to use the SSL/HTTPS.
Wrong as well. Links usually don't have the protocol hardcoded in them,
but use whatever protocol the containing page uses. Plus, web servers
can be configured to automatically redirect <http://my.example.com> to
<https://my.example.com>. This is entirely transparent to the client.
"All vulnerabilities deserve a public fear period prior to patches
--Jason Coombs on Bugtraq