COMMAND

    Lynx-SSL

SYSTEMS AFFECTED

    lynx (all versions)

PROBLEM

    Pawel Grajewski found the following.  While experimenting with
    mod_ssl, he set up a test SSL-secured Web site.  He quickly
    generated a self-signed certificate and then checked the site
    with Lynx-SSL.  Pawel was surprised that Lynx-SSL did not
    complain about the server certificate.  Other browsers did.

SOLUTION

    According to the Lynx-SSL web site, support for server
    certificates is planned as a "future enhancement".  Until that
    is implemented, there is no way for a potential Lynx-SSL user to
    check whether a server's certificate is valid.  That makes this
    software fully vulnerable to MITM attacks.
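
    The test described above can be repeated against any TLS client
    configuration.  The following is an added example, not code from
    Lynx-SSL or from the original report: it generates a self-signed
    certificate and checks whether a non-verifying and a verifying
    client context accept it.  It assumes the openssl command-line
    tool is on the PATH; the host name test.example and all function
    names are made up for the example.

```python
import os
import ssl
import subprocess
import tempfile


def make_server_context(workdir, cn="test.example"):
    """Build a TLS server context around a freshly generated self-signed cert."""
    key, cert = os.path.join(workdir, "key.pem"), os.path.join(workdir, "cert.pem")
    subprocess.run(
        ["openssl", "req", "-x509", "-newkey", "rsa:2048", "-nodes", "-days", "1",
         "-subj", "/CN=" + cn, "-keyout", key, "-out", cert],
        check=True, capture_output=True)
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.load_cert_chain(cert, key)
    return ctx


def client_accepts(client_ctx, server_ctx, hostname="test.example"):
    """Run a handshake over in-memory BIOs; True if the client completes it."""
    c_in, c_out, s_in, s_out = (ssl.MemoryBIO() for _ in range(4))
    client = client_ctx.wrap_bio(c_in, c_out, server_hostname=hostname)
    server = server_ctx.wrap_bio(s_in, s_out, server_side=True)
    for _ in range(10):
        try:
            client.do_handshake()
            return True
        except ssl.SSLWantReadError:
            pass                      # client is waiting for server data
        except ssl.SSLCertVerificationError:
            return False              # client refused the untrusted certificate
        data = c_out.read()           # client -> server
        if data:
            s_in.write(data)
        try:
            server.do_handshake()
        except ssl.SSLWantReadError:
            pass
        data = s_out.read()           # server -> client
        if data:
            c_in.write(data)
    raise RuntimeError("handshake did not converge")


def run_demo():
    with tempfile.TemporaryDirectory() as workdir:
        server_ctx = make_server_context(workdir)
    no_verify = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    no_verify.check_hostname = False      # must be cleared before CERT_NONE
    no_verify.verify_mode = ssl.CERT_NONE  # the behaviour reported for Lynx-SSL
    verifying = ssl.create_default_context()  # CERT_REQUIRED plus host name check
    return {"no_verification": client_accepts(no_verify, server_ctx),
            "default_verification": client_accepts(verifying, server_ctx)}
```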