02 Jul 2018
TLS Safari compatibility
02 Jul 2018
The TLS protocol is used to provide privacy and data integrity between two or more communicating computer applications. When secured by TLS, connections between a client and a server have one or more of the following properties:-
- The connection is private
- The identity of parties can be authenticated
- The connection is reliable
Transportation layer came from Secure Socket Layer. A careful configuration of TLS will provide additional privacy-related properties like forwarding secrecy, prevent discloser of encryption keys etc.
Some of the TLS certificates do not support old Safari versions.
Impact
The impact include:-
- Renegotiation attack
- Downgrade attacks like Logjam and FREAK
- Cross-platform attacks like DROWN
- BEAST attack
- Breach attacks
- POODLE attacks
Mitigation / Precaution
This vulnerability can be fixed by:-
- Changing the TLS cipher for the end users that use the older version of Safari.
Latest Articles
Htaccess Bypass
April 30 2021
Insecure File Upload
April 27 2021
Remote Code Execution (RCE)
April 8 2021
Building Application Security in the Azure DevOps Pipeline
February 10 2021
Popular in Injection
Union Query SQL Injection (SQLi)
July 4 2018
Stacked Queries SQL Injection (SQLi)
July 4 2018
SQL injection(SQLi)
July 4 2018
Inline Queries SQL Injection (SQLi)
July 4 2018
Error based SQL Injection (SQLi)
July 4 2018
Categories
Client Side URL Redirect HSTS Cookies Attributes IBM SQL injection injection Time Based Blind SQL Injection SSL Injection CRLF Content Security Policy CSRF CORS Information Leakage status code SRI metadata X-XSS-Protection owasp Clickjacking XSS Cookies Directory traversal DOM XSS RFI SQL Injection Blind SQL Injection XML Injection blog Web Server TLS WordPress web security SMB Cyber attacks AI Web server Wordpress DATA SECURITY DOMECTF2020 Container security CMS Security Data Security Code Execution Content security policy Htaccess
Latest Articles
