Mastering Internet of Things by Peter Waher

Validating certificates

An encryption scheme contains a chain of events and is no more secure than its weakest link. For HTTPS, the weakest links are certificate validation and the choice of ciphers.

Many developers deceive themselves by using self-signed certificates. These are easy to produce and cost nothing, but they do not validate either. To avoid the resulting validation errors, certificate validation is then disabled in software. Perhaps these developers think it is enough that a sniffer cannot directly view what is being communicated. This is not correct. When you disable certificate validation, you also lose the ability to verify whether a malicious user is pretending to be the expected remote party in a man-in-the-middle (MITM) attack. ...
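The difference between the two choices, as an added Python example that is not code from the book: a context with validation disabled next to one that keeps validation on while trusting a self-signed certificate explicitly, plus an audit helper and a fingerprint check. The function names and the `cafile` PEM export are assumptions made for illustration.

```python
import hashlib
import hmac
import ssl


def validation_disabled():
    """The shortcut the text warns about: traffic is encrypted, the peer is not authenticated."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # must be cleared before verify_mode can be relaxed
    ctx.verify_mode = ssl.CERT_NONE  # any certificate is accepted, including an interceptor's
    return ctx


def validating_context(cafile=None):
    """Validation stays on. cafile (assumed: PEM export of your own self-signed
    certificate or private CA) becomes the only trust anchor; None uses the system store."""
    return ssl.create_default_context(cafile=cafile)


def audit(ctx):
    """Return the reasons a context cannot authenticate the remote party."""
    findings = []
    if ctx.verify_mode != ssl.CERT_REQUIRED:
        findings.append("certificate chain is not verified")
    if not ctx.check_hostname:
        findings.append("certificate is not matched against the host name")
    return findings


def matches_pin(der_cert, pinned_sha256_hex):
    """Compare a peer certificate (DER bytes, e.g. from getpeercert(binary_form=True))
    with a SHA-256 fingerprint recorded out of band."""
    actual = hashlib.sha256(der_cert).hexdigest()
    expected = pinned_sha256_hex.replace(":", "").lower()
    return hmac.compare_digest(actual, expected)


if __name__ == "__main__":
    for name, ctx in (("disabled", validation_disabled()), ("validating", validating_context())):
        print(name, audit(ctx) or "peer is authenticated")
    # Constructed bytes standing in for a DER certificate; not a real certificate.
    sample = b"constructed-sample-certificate"
    pin = hashlib.sha256(sample).hexdigest()
    print(matches_pin(sample, pin), matches_pin(b"substituted-certificate", pin))
```

Running `audit` over the contexts an application actually builds is a quick way to find places where validation was switched off during development and never restored.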