Java's SSLSocket: How Bad APIs Compromise Security presented at DeepSec 2014

by Georg Lukas

Summary: Internet security is hard. TLS is almost impossible. Implementing TLS correctly in Java is "Nightmare!". This talk will show how a badly designed security API introduced over 15 years ago, combined with misleading documentation and developers unaware of security challenges, causes modern smartphone applications to be left exposed to Man-in-the-Middle attacks.