Hacker News
by perfectfire, 3557 days ago
That's a good point. If they got ahold of Yahoo's cert key they could even grab passwords before SSL termination.
by schoen, 3557 days ago
Not passively anymore: login.yahoo.com is negotiating PFS ciphersuites which the private key can't decrypt without a copy of the ephemeral ECDHE parameters.