STORY
API Security Rant on SSLv3 Handshake Failures
API Security Rant on SSLv3 Handshake Failures
- Expressing frustration with a vendor API that lacked modern TLS security.
Handshake Failure
- On April 27, 2015, I called out a vendor's API for using outdated security.
- While executing a curl request, I encountered an SSL alert handshake failure due to a lack of TLS support.
- I complained that the server only supported broken and insecure SSLv2 and SSLv3 protocols, remarking that they should catch up with modern standards.
These facts are as Randal recalls them, but much time has passed for most of this. If you find a factual error, please email realmerlyn@gmail.com.