Hi All/Nick,

"Cryptography — Modified the default implementations of SecureRandom and Cipher.RSA to use OpenSSL. Added SSLSocket support for TLSv1.1 and TLSv1.2 using OpenSSL 1.0.1"

It's awesome that TLS 1.2 is available. Coupled with pinning, the secure channel has a chance to really be secure. Am I the only guy who says "WTF?" when a PenTester proxies an SSL/TLS connection (and completely destroys the secure channel)?

Is libcore SSL/SecureRandom now hedging (http://www.isoc.org/isoc/conferences/ndss/10/pdf/15.pdf)? If not, what was changed with SecureRandom? I'm aware of Amit Sethi's https://www.cigital.com/justice-league-blog/2009/08/14/proper-use-of-javas-securerandom/, but I'm not aware of any other problems.

Jeff
