Vulnerabilities show why STARTTLS should be avoided if possible (2021)


Guest Post: Study finds more than 40 STARTTLS-related security flaws in many different software products, both client-side and server-side.

All the above vulnerabilities stem from the fact that STARTTLS introduces a state transition between an unencrypted and encrypted connection that is error-prone. We recommend that server operators of mail services make sure they offer the implicit TLS versions of all three email protocols. Ideally, future mail clients would neither offer unencrypted nor STARTTLS connections and just always use implicit TLS.
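One way a server operator could check the recommendation above, as an added example that is not code from the study or the guest post: it attempts a TLS handshake from the first byte on each protocol's implicit-TLS port and reports which protocols lack it. The ports 465, 993 and 995 are the standard assignments for SMTP submission, IMAP and POP3 rather than values taken from this page, and `mail.example.org` is a placeholder host.

```python
import socket
import ssl
import sys

# Standard implicit-TLS ports: the TLS handshake starts immediately,
# so there is no plaintext phase and no STARTTLS upgrade step.
IMPLICIT_TLS_PORTS = {"smtp-submission": 465, "imap": 993, "pop3": 995}


def probe_implicit_tls(host, port, timeout=5.0):
    """Return the negotiated TLS version if the port speaks TLS from byte one, else None."""
    ctx = ssl.create_default_context()  # verifies certificate chain and hostname
    try:
        with socket.create_connection((host, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                return tls.version()
    except OSError:
        # Covers refused/timed-out connections, DNS failures, a plaintext
        # banner where a handshake was expected, and certificate errors
        # (ssl.SSLError is a subclass of OSError).
        return None


def audit_mail_host(host, probe=probe_implicit_tls):
    """Probe all three protocols; return (results, protocols lacking implicit TLS)."""
    results = {name: probe(host, port) for name, port in IMPLICIT_TLS_PORTS.items()}
    missing = sorted(name for name, version in results.items() if version is None)
    return results, missing


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else "mail.example.org"  # placeholder
    results, missing = audit_mail_host(target)
    for name, version in results.items():
        port = IMPLICIT_TLS_PORTS[name]
        print(f"{name:16} port {port}: {version or 'no implicit TLS'}")
    # Non-zero exit status lets a monitoring job alert on a missing protocol.
    sys.exit(1 if missing else 0)
```

A `None` result does not distinguish a closed port from a certificate that fails validation; either way a client restricted to implicit TLS could not use that service.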
