https ssl algorithm entirely in java/script
#1
i was wondering is it possible to write the https ssl engine completely in java or even javascript so a web site does not even have to rely on the ssl engines built into the operating system?

advantage of such things would be  

1. no more security problems caused by bugs in the ssl engines like openssl because the site would send the encryptor code as an html javascript or as a java applet along with the certificate and make the javascript or applet do the job of the ssl engine.

2.  no more

Safari can’t open the page “https://site.com” because Safari can’t establish a secure connection to the server “site.com”.

though i have found a rather clunky workaround by routing all https through a debugger proxy program and then trusting their certificates it would be nice not to have to launch another helper program and enable https through proxy just for a couple sites.

i suspect that it is because apple decided to to disable ssl 3.0 in safari witch closed the poodle flaw.
Reply
#2
I don't think you understand how any of that works.

Re-writing something in a different language doesn't eliminate bugs. In fact, chances are you'll introduce new bugs and make it less secure rather than more secure.

Not to mention when you are done re-writing it, it will probably be incompatible with every other implementation so you'll never successfully create a connection.
Reply
#3
java/script was used to make a crypto locker ransomware so it shouldnt be too hard to write something that takes the inputs from the web forms and encrypts it and sends it to the server.


also it being proprietary to the writer would make it more difficult for hackers to break
Reply
#4
To connect to the internet, you pretty much have to use html, and usually java script. I don't think it's possible to bypass html. Unless you write some super complicated javascript code, but even then I don't think that would work, if it's even possible, which I doubt.
Reply
#5
You mean to establish a secured connection through HTML pages using javascript as an engine? I may have a few arguments against this idea.

1. You can't do that directly because a sniffing tool might sniff over the network and catch the engine (the engine first sent to the client in order to encrypt/decrypt the key/content), which leads to an entire security breach. To avoid this, you need an SSL connection to encrypt the data sent via client-server, and if you have it, you won't even need the system you've just described.

2. You'll need an applet/add-on or something like that to be installed in the target machine before you attempt to use it. And there are many add-ons for browsers which provide free VPN/SSL proxies, so, in my opinion, your idea is not something new, unless you were referring to something else..
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  Java Course Materials RobertX 6 9,566 Sep 05, 2024, 02:36 am
Last Post: samui
  how can i learn to use Java efficiently Blue_Bon 10 11,379 Feb 26, 2024, 08:41 am
Last Post: RobertX
  Question About the Concept of Abstracts in Java RobertX 4 5,368 Jan 17, 2024, 07:50 am
Last Post: gulshan212
  Problem with Longest Increasing Subsequence Algorithm Avantika_Sharmaa24 1 7,363 Sep 26, 2023, 07:15 am
Last Post: gulshan212
  [Release] OfflineBay v2 - Open source and No more Java dependency techtac 55 327,289 Apr 01, 2022, 13:42 pm
Last Post: UnknownIdot



Users browsing this thread: 2 Guest(s)