Dissecting SSL handshake

Discussion in 'other security issues & news' started by CloneRanger, Jun 20, 2012.

Thread Status:
Not open for further replies.
  1. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    Test yours here

     
  2. BrandiCandi

    BrandiCandi Guest

    But the payload itself remains unreadable. Someone may be able to tell you're sending a facebook message (for instance) but they won't know what the message says. That's the point of SSL, isn't it?

    If you want to be more anonymous, that's what tor and proxies are for. Tunnel your traffic through ssh, which encrypts everything inside the tunnel.
     
  3. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ BrandiCandi

    Hi, the concern though, is the "possibility" of browser fingerprinting etc.
     
  4. BrandiCandi

    BrandiCandi Guest

    Huh. If you're concerned about browser fingerprinting then you are certainly not going to rely on SSL to anonymize you.

    The purpose of SSL is to prevent eavesdropping and tampering of traffic between a client and server. It's not to make you totally anonymous. The message is safe but you're not invisible. If you want to hide things like your browser and OS from websites, then you need to browse in private (IE and FF have those options, I'm sure others do too). In FF you can also tell websites that you don't want to be tracked. I have tested the latter option and when I land on a web server, they don't list my OS or browser. See the screenshot to prevent websites from tracking you in Firefox:

    ffprivacy.png
     
  5. CloneRanger

    CloneRanger Registered Member

    Joined:
    Jan 4, 2006
    Posts:
    4,833
    @ BrandiCandi

    Huh, well the reason i posted the link, was to show people that "maybe" didn't realise, SSL isn't as Anon as "some" may think.

    Yeah, i have my FF sorted, thanks ;)
     
  6. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    SSL has never been about anonymity. If people believe that, they have never understood the purpose of SSL. But, that's not the fault of SSL.

    SSL has many problems (specifically with the PKI) but it does a good job as far as privacy is concerned.
     
Loading...
Thread Status:
Not open for further replies.