Hi All,
I have tried to connect to several HTTPS web site using the web browser included in the SmartTV simulator (part of the SDK).
To my astonishment, I found that the SmartTV web browser happily connects to any HTTPS web site regardless of the SSL Server certificate being untrusted, revoked, or even expired.
Unless this behaviour is a known limitation of the SDK, not found on real Smart TVs, this is a huge security hole that should be fixed quickly.
Can anybody explain what trusted CAs are embedded in the SDK (and in real TVs, if those are different) ?
And how come the SmartTV specification does not address this issue?
-- Adriano
Severely broken handling of SSL/TLS certificates?
2 posts
• Page 1 of 1
Severely broken handling of SSL/TLS certificates?
by adriano.santoni_1 » Thu Nov 20, 2014 9:08 am
- adriano.santoni_1
- Posts: 1
- Joined: Mon Jul 27, 2015 5:07 am
Severely broken handling of SSL/TLS certificates?
by Support_STA » Mon Nov 24, 2014 12:12 am
Hi,
We had sent this information to related person.
Please wait for a while.
Regards.
We had sent this information to related person.
Please wait for a while.
Regards.
- Support_STA
- Posts: 136
- Joined: Fri Aug 09, 2013 3:56 am
2 posts
• Page 1 of 1