by capt_hotpants 3866 days ago
If you read the fine print in bullet #8, you'll discover that there is, by default, no validation of the presented certificate at all.

Without proper certificate validation, the encryption step is cryptographically worthless. Anyone can MITM the traffic just by presenting a random certificate to the sender.
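The point the comment makes, as an added illustration that is not part of the thread: a TLS client context can encrypt the channel while accepting whatever certificate the peer presents, and that is exactly the mode an active attacker needs. The example below, written against Python's standard `ssl` module, builds the permissive context beside the verifying one and runs a small audit function over each; `permissive_context`, `verifying_context` and `audit_context` are names chosen here, not the API of any library the thread discusses.

```python
import ssl


def permissive_context() -> ssl.SSLContext:
    """Encrypts, but performs no certificate validation.

    Hypothetical stand-in for a client whose default is 'accept any cert':
    the handshake still succeeds, so a man in the middle can present its
    own certificate and the session is silently established with it.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    # check_hostname must be switched off before verify_mode can be CERT_NONE.
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    return ctx


def verifying_context() -> ssl.SSLContext:
    """Hardened counterpart: trusts the system CA store, requires a chain
    to a trusted root and requires the name in the cert to match the host."""
    ctx = ssl.create_default_context()
    # create_default_context() already sets both of these; made explicit
    # so the contrast with permissive_context() is visible.
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def audit_context(ctx: ssl.SSLContext) -> list[str]:
    """Return the reasons a context does not authenticate its peer.

    An empty list means the peer certificate is both chain-validated and
    name-checked, the two conditions under which the encryption actually
    protects against an on-path attacker.
    """
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append(
            "verify_mode is not CERT_REQUIRED: any certificate, including one "
            "minted by an on-path attacker, is accepted"
        )
    if not ctx.check_hostname:
        findings.append(
            "check_hostname is off: a certificate that is valid for some other "
            "name is accepted for this host"
        )
    return findings


if __name__ == "__main__":
    for label, ctx in (("permissive", permissive_context()),
                       ("verifying", verifying_context())):
        problems = audit_context(ctx)
        print(f"{label}: {'OK' if not problems else 'INSECURE'}")
        for p in problems:
            print("  -", p)
```

Running the script reports the permissive context as insecure on both counts and the verifying one as clean; the same audit function can be pointed at any `SSLContext` an application hands to a socket or HTTP client to catch the "no validation by default" condition before it reaches production.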