TLS 'SECRETS'

Black Hat USA 2013

Presented by: Florent Daigniere (NextGen$)
Date: Wednesday July 31, 2013
Time: 11:45 - 12:15
Location: Augustus 1 & 2

SSL and TLS have become the de-facto standards for transport-layer encryption. In recent years, many vulnerabilities have been uncovered in the standards, their implementations, and the way people configure and use them. This talk explores in detail a lesser-known and much less talked-about part of the standard that breaks some of the security properties one would expect. A tool allowing for forensic recovery of plaintext (even when PFS ciphers are in use) will be released.

Florent Daigniere

Florent works as a security professional for a boutique security consultancy firm in London, UK. By day, he is raising security awareness, training people under the Tiger Scheme umbrella, breaking things on request for a select few clients, and annoying vendors by exposing obvious bugs in popular 'security' products. In 2012, he was awarded a Pwnie Award at Black Hat for exposing the Most Epic Fail of the year. By night, and for over a decade now, he has been secretly working on Freenet (https://freenetproject.org), a decentralized, peer-to-peer, censorship-resistant tool that allows content to be published and retrieved anonymously.

