Skip to main content

TLS Connection Validation by Web Browsers: Why do Web Browsers still not agree?

Wazan, Ahmad Samer, Laborde, Romain, Chadwick, David W., Barrere, Francois, Benzekri, Abdelmalek (2017) TLS Connection Validation by Web Browsers: Why do Web Browsers still not agree? In: Compsac -New York-. 2017 IEEE 41st Annual Computer Software and Applications Conference (COMPSAC). . Institute of Electrical and Electronics Engineers (IEEE) ISBN 978-1-5386-0367-3. (doi:10.1109/COMPSAC.2017.240) (KAR id:62572)

PDF Author's Accepted Manuscript
Language: English
Download (893kB) Preview
[thumbnail of compsac2017final.pdf]
This file may not be suitable for users of assistive technology.
Request an accessible format
Official URL


The TLS protocol is the primary technology used for securing web transactions. It is based on X.509 certificates that are used for binding the identity of web servers’ owners to their public keys. Web browsers perform the validation of X.509 certificates on behalf of web users. Our previous research in 2009 showed that the validation process of web browsers is inconsistent and flawed. We showed how this situation might have a negative impact on web users. From 2009 until now, many new X.509 related standards have been created or updated. In this paper, we performed an increased set of experiments over our 2009 study in order to highlight the improvements and/or regressions in web browsers’ behaviours.

Item Type: Conference or workshop item (Proceeding)
DOI/Identification number: 10.1109/COMPSAC.2017.240
Uncontrolled keywords: X.509 Certificate; Certificate Validation; Web browsers
Subjects: Q Science
T Technology
Divisions: Divisions > Division of Computing, Engineering and Mathematical Sciences > School of Computing
Depositing User: D. Chadwick
Date Deposited: 07 Aug 2017 13:53 UTC
Last Modified: 16 Feb 2021 13:47 UTC
Resource URI: (The current URI for this page, for reference purposes)
Chadwick, David W.:
  • Depositors only (login required):


Downloads per month over past year