Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

That's a good point. If they got ahold of Yahoo's cert key they could even grab passwords before SSL termination.


Not passively anymore: login.yahoo.com is negotiating PFS ciphersuites which the private key can't decrypt without a copy of the ephemeral ECDHE parameters.




Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: