Uh, good luck convincing anyone that April 2014 does anything other than demonstrate there are exactly zero reliable implementations of TLS. If the most widely used implementation can demonstrate that level of incompetence, what chance do any of the others have.
And I don't care if pointing that out costs me mod points. Its seems on these types of conversations negative points are a mark of honesty.
It’s not clear to me that an exploit of a vulnerability in a not-widely-used TLS implementation in native OCaml (or a vulnerability in any of the other software in use on that system) would be more valuable than the bounty offered.
And I don't care if pointing that out costs me mod points. Its seems on these types of conversations negative points are a mark of honesty.