On Thursday, the OpenSSL team issued an advisory (CVE-2014-0224) that warned of new SSL/TLS vulnerabilities — for certain releases of OpenSSL — that may leave SSL clients and servers susceptible to man-in-the-middle (MITM) attacks.
A year and a half ago, Google started an experiment to speed up SSL by 30% by using an improvement called False Start. Our own Bruce Morton wrote about it not once but twice, and most of the world has been hopeful about the experiment. What’s not to like about a 30% speed improvement? Sadly, Adam Langley has said that