+- Sinisterly (https://sinister.ly)
+-- Forum: Hacking (https://sinister.ly/Forum-Hacking)
+--- Forum: Network Hacking (https://sinister.ly/Forum-Network-Hacking)
+--- Thread: SSL problem with self-generated certificates? (/Thread-SSL-problem-with-self-generated-certificates)
SSL problem with self-generated certificates? - 3SidedSquare - 07-05-2013
Just a quick question for all of you knowlegeable about encryption:
If I am using a self-generated certificate (as opposed to a bought certificate) for an SSL connection, is there any chance of the messages being intercepted, or of a MIM attack?
P.S. I'm using python's bult-in ssl library to wrap sockets, if it makes any difference.
RE: SSL problem with self-generated certificates? - w00t - 07-05-2013
Self-signed = trivial to MITM.
Ok I got bored so let me elaborate.
When you self-sign it, that means there isn't anyone else that can verify if the public key the client received is the correct one. This means an attacker can just intercept the SSL handshake and give the client their self-signed certificate.
RE: SSL problem with self-generated certificates? - 3SidedSquare - 07-05-2013
Got it, thanks a bunch w00t.