
Ivan Ristic

Does not want to have a tagline.
Name:
Ivan Ristic
Status Level:
Level 4 (1,980 points)
Member Since:
Jul 23, 2010
Company:
Qualys  
Occupation:
Director of Application Security Research  
Groups:
QSC 2011 - London, QSC 2012 - Las Vegas

Recent Activity

Ivan Ristic modified SSL Labs Test for the Heartbleed Attack

"Heartbleed is a name for a critical vulnerability in OpenSSL, a very widely deployed SSL/TLS stack. A coding error had been made in the Open"

in Security Labs 16 comments 1 bookmarks
3 days ago
Ivan Ristic replied to HSTS unknown and Pound proxy

"Thanks for catching that. Will fix. (I don't understand how they could have put that in the "Examples" section, without mentioning it in 6.1"

in SSL Labs 3 replies
3 days ago
Ivan Ristic replied to HSTS unknown and Pound proxy

"The initial request goes like this:   GET / HTTP/1.0 Host: www.example.com User-Agent: SSL Labs (https://www.ssllabs.com/about/assessment"

in SSL Labs 3 replies
4 days ago
Ivan Ristic replied to How to disable Insecure Client-Initiated Renegotiation in IIS8

"David,   IIS should not support client-initiated renegotiation at all (starting with IIS6). It's possible that there is another device or s"

in SSL Labs 2 replies
4 days ago
Ivan Ristic replied to Length of URL exceeds some maximum

"Yes, that's what it means. (It seems we forgot to provide a message for the built-in code. Thanks for letting us know.)   We don't need to"

in SSL Labs 2 replies
5 days ago
Ivan Ristic replied to SSL Certificate keeps changing on IIS7, I don't have any idea what keeps changing it?

"That sounds like _your_ communication with that server is being hijacked, either because of a man in the middle attack or corporate policy."

in SSL Labs 2 replies
5 days ago
Ivan Ristic replied to Can domains block ssllabs.com/slltest?

"Karl,   Please see my previous response here: https://community.qualys.com/message/19412#19412"

in SSL Labs 2 replies
5 days ago
Ivan Ristic replied to TLS Plaintext Injection (CVE-2009-3555)

"Not likely. A server that allows insecure renegotiation can be exploited against older insecure clients, which are still present in large nu"

in SSL Labs 8 replies
6 days ago
Ivan Ristic replied to TLS Plaintext Injection (CVE-2009-3555)

"Before the attack, there is no communication between victim and server. Only attacker and victim, and the attacker will not advertise suppor"

in SSL Labs 8 replies
6 days ago
Ivan Ristic replied to missing certificate in trust store

"Hi Kode,   It's because the certificate is weak, and should be assumed broken by those with access to significant (but not unreasonable) co"

in SSL Labs 1 replies
6 days ago
Ivan Ristic replied to This server supports anonymous (insecure) suites.

"Ivan,   You are getting those results because those suites are enabled on your site. You can verify the results manually using OpenSSL (fro"

in SSL Labs 2 replies
1 week ago
Ivan Ristic replied to TLS Plaintext Injection (CVE-2009-3555)

"Hi Adrian,   1. A small number of servers do indeed support both insecure and secure renegotiation.   2. "Supports insecure renegotiation"

in SSL Labs 8 replies
1 week ago
Ivan Ristic commented on SSL Labs Test for the Heartbleed Attack

"No. 42% support some Forward Security suites, but they are not using them well, and end up using non-FS suites with reference browsers."

in Security Labs 16 comments 1 bookmarks
1 week ago