TinySSL Vendor Statement: Basic Constraints Vulnerability

TinySSL is an open source, compact (125k jar), SSLv3 client
implementation written in Java (1.1+). Version 1.02 and earlier is
vulnerable to the attack posted last week by Mike Benham:

http://online.securityfocus.com/archive/1/286290

An updated version (1.03) has been posted which fixes this
vulnerability; it is currently available from the XWT project's CVS
repository, which is the official distribution point for TinySSL.

More information can be found at http://www.xwt.org/tinyssl/

• a

–
Sick of HTML user interfaces?
www.xwt.org

Amendment XXVIII: "thou shalt maximize thy stock price at all costs"