TESTING TLS - HOW TO CHECK IF YOUR TLS IMPLEMENTATION IS CORRECT presented at Ruxcon 2015

by Hubert Kario,

Summary : While we all use TLS and depend on its security, recent stream of severe issues in major TLS implementations undermined trust in it. How many of those implementations are tested and how thoroughly? In the talk Hubert Kario will discuss problems related to testing TLS implementations and propose a solution in form of an open source test suite and framework for verifying correctness and resiliency of TLS implementations against attacks. The tools described are aimed at anybody from system administrators to developers working on new TLS implementations. The presentation will include examples showing how easy it is to test correctness of an arbitrary TLS server as well as how to test a new feature added to a given TLS stack.