SSL Blacklist – Firefox Plugin Detects Bad Certificates

January 2, 2009 – 11:51 AM

This Firefox plugin was first created back during the Debian/OpenSSL scare about 6 months ago where the key pairs that were generated from an affected machine were easily guessable. Marton Anka created this plugin to help users find these bad certificates:

sslblacklist

On 12/31/2008, Marton updated this plugin to detect the vulnerable MD5 based certificates that were recently exploited:

sslblacklist2

You can find this Plugin and any additional information at the website:

http://www.codefromthe70s.org/sslblacklist.aspx

  1. One Response to “SSL Blacklist – Firefox Plugin Detects Bad Certificates”

  2. It’s a real shame that the main site is down, as I have a comment to make about the plugin… it detects dual-signed certs (md5 and sha1) as weak, but firefox should spot the sha1 signature as best and just use it.

    By Martyn Ranyard on Jun 18, 2009

You must be logged in to post a comment.