HVLearn - Automated Black-Box Analysis of Hostname Verification in SSL-TLS Implementations

Explore an automated black-box analysis technique for hostname verification in SSL/TLS implementations through this IEEE conference talk. Dive into the HVLearn framework, which utilizes automata learning algorithms to test and analyze various SSL/TLS libraries and applications. Understand the importance of hostname verification in certificate validation, the challenges involved in testing complex implementations, and how HVLearn leverages certificate templates and Deterministic Finite Automaton (DFA) models to identify discrepancies and potential vulnerabilities. Learn about the framework's effectiveness in achieving higher code coverage compared to existing fuzzing techniques and discover the critical violations of RFC specifications uncovered during testing. Gain insights into topics such as POS host notification, subject autotuned name, terminal learning, testing paths and certificates, model comparison, and international domain name handling in SSL/TLS implementations.