{"status":"ok","message-type":"work","message-version":"1.0.0","message":{"indexed":{"date-parts":[[2026,4,22]],"date-time":"2026-04-22T20:20:42Z","timestamp":1776889242527,"version":"3.51.2"},"publisher-location":"New York, NY, USA","reference-count":65,"publisher":"ACM","license":[{"start":{"date-parts":[[2018,5,27]],"date-time":"2018-05-27T00:00:00Z","timestamp":1527379200000},"content-version":"vor","delay-in-days":0,"URL":"https:\/\/www.acm.org\/publications\/policies\/copyright_policy#Background"}],"content-domain":{"domain":["dl.acm.org"],"crossmark-restriction":true},"short-container-title":[],"published-print":{"date-parts":[[2018,5,27]]},"DOI":"10.1145\/3180155.3180226","type":"proceedings-article","created":{"date-parts":[[2018,6,12]],"date-time":"2018-06-12T12:16:01Z","timestamp":1528805761000},"page":"859-870","update-policy":"https:\/\/doi.org\/10.1145\/crossmark-policy","source":"Crossref","is-referenced-by-count":24,"title":["RFC-directed differential testing of certificate validation in SSL\/TLS implementations"],"prefix":"10.1145","author":[{"given":"Chu","family":"Chen","sequence":"first","affiliation":[{"name":"Xidian University, Xi'an, P.R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Cong","family":"Tian","sequence":"additional","affiliation":[{"name":"Xidian University, Xi'an, P.R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Zhenhua","family":"Duan","sequence":"additional","affiliation":[{"name":"Xidian University, Xi'an, P.R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]},{"given":"Liang","family":"Zhao","sequence":"additional","affiliation":[{"name":"Xidian University, Xi'an, P.R. China"}],"role":[{"role":"author","vocabulary":"crossref"}]}],"member":"320","published-online":{"date-parts":[[2018,5,27]]},"reference":[{"key":"e_1_3_2_1_1_1","doi-asserted-by":"publisher","DOI":"10.1038\/nchem.2383"},{"key":"e_1_3_2_1_2_1","doi-asserted-by":"crossref","unstructured":"R. Barnes M. Thomson A. Pironti and A. Langley. 2015. Deprecating Secure Sockets Layer Version 3.0. (June 2015). https:\/\/tools.ietf.org\/html\/rfc7568","DOI":"10.17487\/RFC7568"},{"key":"e_1_3_2_1_3_1","doi-asserted-by":"publisher","DOI":"10.1093\/comjnl\/bxq042"},{"key":"e_1_3_2_1_4_1","doi-asserted-by":"crossref","unstructured":"K. Bhargavan A. Delignat-Lavaud A. Pironti A. Langley and M. Ray. 2015. Transport Layer Security (TLS) Session Hash and Extended Master Secret Extension. (September 2015). https:\/\/tools.ietf.org\/html\/rfc7627","DOI":"10.17487\/RFC7627"},{"key":"e_1_3_2_1_5_1","doi-asserted-by":"publisher","DOI":"10.1145\/566172.566191"},{"key":"e_1_3_2_1_6_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2119"},{"key":"e_1_3_2_1_7_1","doi-asserted-by":"crossref","unstructured":"M. Brown and R. Housley. 2010. Transport Layer Security (TLS) Authorization Extensions. (May 2010). https:\/\/tools.ietf.org\/html\/rfc5878","DOI":"10.17487\/rfc5878"},{"key":"e_1_3_2_1_8_1","doi-asserted-by":"publisher","DOI":"10.1109\/SP.2014.15"},{"key":"e_1_3_2_1_9_1","doi-asserted-by":"publisher","DOI":"10.5555\/1855741.1855756"},{"key":"e_1_3_2_1_10_1","doi-asserted-by":"publisher","DOI":"10.1038\/nrm4014"},{"key":"e_1_3_2_1_11_1","doi-asserted-by":"publisher","DOI":"10.1145\/2786805.2786835"},{"key":"e_1_3_2_1_12_1","doi-asserted-by":"publisher","DOI":"10.1145\/1950365.1950396"},{"key":"e_1_3_2_1_13_1","doi-asserted-by":"publisher","DOI":"10.1145\/2110356.2110358"},{"key":"e_1_3_2_1_14_1","doi-asserted-by":"publisher","unstructured":"S. Chokhani and W. Ford. 1999. Internet X.509 Public Key Infrastructure Certificate Policy and Certification Practices Framework. (March 1999). https:\/\/tools.ietf.org\/html\/rfc2527","DOI":"10.17487\/RFC2527"},{"key":"e_1_3_2_1_15_1","doi-asserted-by":"crossref","unstructured":"D. Cooper S. Santesson S. Farrell S. Boeyen R. Housley and W. Polk. 2008. Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. (May 2008). https:\/\/tools.ietf.org\/html\/rfc5280","DOI":"10.17487\/rfc5280"},{"key":"e_1_3_2_1_16_1","doi-asserted-by":"publisher","DOI":"10.1145\/1595676.1595692"},{"key":"e_1_3_2_1_17_1","doi-asserted-by":"publisher","DOI":"10.1145\/1287624.1287651"},{"key":"e_1_3_2_1_18_1","doi-asserted-by":"crossref","unstructured":"T. Dierks and E. Rescorla. 2008. The Transport Layer Security (TLS) Protocol Version 1.2. (August 2008). https:\/\/tools.ietf.org\/html\/rfc5246","DOI":"10.17487\/rfc5246"},{"key":"e_1_3_2_1_19_1","doi-asserted-by":"publisher","unstructured":"R. Fielding J. Gettys J. Mogul H. Frystyk and T. Berners-Lee. 1997. Hypertext Transfer Protocol - HTTP\/1.1. (January 1997). https:\/\/tools.ietf.org\/html\/rfc2068","DOI":"10.17487\/RFC2068"},{"key":"e_1_3_2_1_20_1","doi-asserted-by":"publisher","unstructured":"R. Fielding J. Gettys J. Mogul H. Frystyk L. Masinter P. Leach and T. Berners-Lee. 1999. Hypertext Transfer Protocol - HTTP\/1.1. (June 1999). https:\/\/tools.ietf.org\/html\/rfc2616","DOI":"10.17487\/RFC2616"},{"key":"e_1_3_2_1_21_1","volume-title":"Retrieved","author":"Software Foundation SSL","year":"2016","unstructured":"OpenSSL Software Foundation. 2016. OpenSSL. (2016). Retrieved October 12, 2016 from https:\/\/www.openssl.org"},{"key":"e_1_3_2_1_22_1","doi-asserted-by":"crossref","unstructured":"A. Freier P. Karton and P. Kocher. 2011. The Secure Sockets Layer (SSL) Protocol Version 3.0. (August 2011). https:\/\/tools.ietf.org\/html\/rfc6101","DOI":"10.17487\/rfc6101"},{"key":"e_1_3_2_1_23_1","doi-asserted-by":"publisher","DOI":"10.1145\/2382196.2382204"},{"key":"e_1_3_2_1_24_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7919"},{"key":"e_1_3_2_1_25_1","doi-asserted-by":"publisher","DOI":"10.1145\/1065010.1065036"},{"key":"e_1_3_2_1_26_1","volume-title":"Proceedings of the 16th Annual Network & Distributed System Security Symposium. The Internet Society","author":"Godefroid P.","unstructured":"P. Godefroid, M. Y. Levin, and D. Molnar. 2008. Automated Whitebox Fuzz Testing. In Proceedings of the 16th Annual Network & Distributed System Security Symposium. The Internet Society, San Diego, California, USA, 151--166."},{"key":"e_1_3_2_1_27_1","doi-asserted-by":"publisher","DOI":"10.1145\/2090147.2094081"},{"key":"e_1_3_2_1_28_1","volume-title":"Retrieved","year":"2016","unstructured":"Google. 2016. Chrome. (2016). Retrieved October 12, 2016 from https:\/\/www.google.com\/chrome\/"},{"key":"e_1_3_2_1_29_1","doi-asserted-by":"publisher","DOI":"10.1145\/2976002.2976017"},{"key":"e_1_3_2_1_30_1","doi-asserted-by":"publisher","unstructured":"R. Hierons K. Bogdanov J. Bowen R. Cleaveland J. Derrick J. Dick M. Gheorghe M. Harman K. Kapoor P. Krause G. L\u00fcttgen A. Simons S. Vilkomir M. Woodward and H. Zedan. 2009. Using Formal Specifications to Support Testing. ACM Comput. Surv. 41 2 Article 9 (Feb. 2009) 76 pages. 10.1145\/1459352.1459354","DOI":"10.1145\/1459352.1459354"},{"key":"e_1_3_2_1_31_1","volume-title":"Automatically Detecting Error Handling Bugs Using Error Specifications. In 25th USENIX Security Symposium (USENIX Security 16)","author":"Jana S.","unstructured":"S. Jana, Y. J. Kang, S. Roth, and B. Ray. 2016. Automatically Detecting Error Handling Bugs Using Error Specifications. In 25th USENIX Security Symposium (USENIX Security 16). USENIX Association, Austin, TX, 345--362."},{"key":"e_1_3_2_1_32_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-642-14577-3_22"},{"key":"e_1_3_2_1_33_1","doi-asserted-by":"publisher","DOI":"10.1007\/11754008_2"},{"key":"e_1_3_2_1_34_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC7685"},{"key":"e_1_3_2_1_35_1","doi-asserted-by":"crossref","unstructured":"A. Langley W. Chang N. Mavrogiannopoulos J. Strombergson and S. Josefsson. 2016. ChaCha20-Poly1305 Cipher Suites for Transport Layer Security (TLS). (June 2016). https:\/\/tools.ietf.org\/html\/rfc7905","DOI":"10.17487\/RFC7905"},{"key":"e_1_3_2_1_36_1","volume-title":"Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. (May","author":"Leiba B.","year":"2017","unstructured":"B. Leiba. 2017. Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words. (May 2017). https:\/\/tools.ietf.org\/html\/rfc8174"},{"key":"e_1_3_2_1_37_1","volume-title":"Retrieved","author":"Limited ARM","year":"2016","unstructured":"ARM Limited. 2016. mbedTLS. (2016). Retrieved October 12, 2016 from https:\/\/tls.mbed.org"},{"key":"e_1_3_2_1_38_1","doi-asserted-by":"publisher","DOI":"10.5555\/872023.872551"},{"key":"e_1_3_2_1_39_1","volume-title":"IE SSL Vulnerability. (2002). Retrieved","author":"Marlinspike M","year":"2016","unstructured":"M Marlinspike. 2002. IE SSL Vulnerability. (2002). Retrieved October 1, 2016 from https:\/\/www.thoughtcrime.org\/ie-ssl-chain.txt"},{"key":"e_1_3_2_1_40_1","volume-title":"More Tricks for Defeating SSL in Practice. (2009). Retrieved","author":"Marlinspike M.","year":"2016","unstructured":"M. Marlinspike. 2009. More Tricks for Defeating SSL in Practice. (2009). Retrieved October 1, 2016 from https:\/\/www.blackhat.com\/presentations\/bh-dc-09\/Marlinspike\/BlackHat-DC-09-Marlinspike-Defeating-SSL.pdf"},{"key":"e_1_3_2_1_41_1","volume-title":"New Tricks for Defeating SSL in Practice. (2009). Retrieved","author":"Marlinspike M.","year":"2016","unstructured":"M. Marlinspike. 2009. New Tricks for Defeating SSL in Practice. (2009). Retrieved October 1, 2016 from https:\/\/www.blackhat.com\/presentations\/bh-usa-09\/Marlinspike\/BHUSA09-Marlinspike-DefeatSSL-SLIDES.pdf"},{"key":"e_1_3_2_1_42_1","volume-title":"Null Prefix Attacks against SSL\/TLS Certificates. (2009). Retrieved","author":"Marlinspike M.","year":"2016","unstructured":"M. Marlinspike. 2009. Null Prefix Attacks against SSL\/TLS Certificates. (2009). Retrieved October 1, 2016 from https:\/\/www.thoughtcrime.org\/papers\/null-prefix-attackes.pdf"},{"key":"e_1_3_2_1_43_1","doi-asserted-by":"publisher","DOI":"10.1109\/52.56422"},{"key":"e_1_3_2_1_44_1","volume-title":"Retrieved","author":"Mavrogiannopoulos N.","year":"2016","unstructured":"N. Mavrogiannopoulos. 2016. GnuTLS. (2016). Retrieved October 12, 2016 from https:\/\/www.gnutls.org"},{"key":"e_1_3_2_1_45_1","volume-title":"Retrieved","year":"2016","unstructured":"Microsoft. 2016. Internet Explorer. (2016). Retrieved October 12, 2016 from https:\/\/www.microsoft.com\/en-us\/download\/internet-explorer.aspx"},{"key":"e_1_3_2_1_46_1","doi-asserted-by":"crossref","unstructured":"B. Moeller and A. Langley. 2015. TLS Fallback Signaling Cipher Suite Value (SCSV) for Preventing Protocol Downgrade Attacks. (April 2015). https:\/\/tools.ietf.org\/html\/rfc7507","DOI":"10.17487\/RFC7507"},{"key":"e_1_3_2_1_47_1","volume-title":"Retrieved","year":"2016","unstructured":"Mozilla. 2016. Firefox. (2016). Retrieved October 12, 2016 from https:\/\/www.mozilla.org\/en-US\/firefox\/all\/"},{"key":"e_1_3_2_1_48_1","volume-title":"Retrieved","year":"2016","unstructured":"Mozilla. 2016. NSS. (2016). Retrieved October 12, 2016 from https:\/\/developer.mozilla.org\/en-US\/docs\/Mozilla\/Projects\/NSS\/NSS_Releases"},{"key":"e_1_3_2_1_49_1","first-page":"2016","volume-title":"Retrieved","author":"NIST.","year":"2017","unstructured":"NIST. 2017. CVE-2016-8495. (2017). Retrieved July 26, 2017 from https:\/\/nvd.nist.gov\/vuln\/detail\/CVE-2016-8495"},{"key":"e_1_3_2_1_50_1","doi-asserted-by":"publisher","DOI":"10.1145\/1297846.1297902"},{"key":"e_1_3_2_1_51_1","doi-asserted-by":"publisher","DOI":"10.1145\/1390630.1390643"},{"key":"e_1_3_2_1_52_1","doi-asserted-by":"publisher","DOI":"10.1109\/ICSE.2007.37"},{"key":"e_1_3_2_1_53_1","volume-title":"Prohibiting RC4 Cipher Suites. (February","author":"Popov A.","year":"2015","unstructured":"A. Popov. 2015. Prohibiting RC4 Cipher Suites. (February 2015). https:\/\/tools.ietf.org\/html\/rfc7465"},{"key":"e_1_3_2_1_54_1","doi-asserted-by":"publisher","DOI":"10.17487\/RFC2818"},{"key":"e_1_3_2_1_55_1","doi-asserted-by":"crossref","unstructured":"E. Rescorla M. Ray S. Dispensa and N. Oskov. 2010. Transport Layer Security (TLS) Renegotiation Indication Extension. (February 2010). https:\/\/tools.ietf.org\/html\/rfc5746","DOI":"10.17487\/rfc5746"},{"key":"e_1_3_2_1_56_1","doi-asserted-by":"crossref","unstructured":"P. Saint-Andre and J. Hodges. 2011. Representation and Verification of Domain-Based Application Service Identity within Internet Public Key Infrastructure Using X.509 (PKIX) Certificates in the Context of Transport Layer Security (TLS). (March 2011). https:\/\/tools.ietf.org\/html\/rfc6125","DOI":"10.17487\/rfc6125"},{"key":"e_1_3_2_1_57_1","volume-title":"Retrieved","author":"Secure Inside","year":"2016","unstructured":"Inside Secure. 2016. matrixSSL. (2016). Retrieved October 12, 2016 from http:\/\/www.matrixssl.org"},{"key":"e_1_3_2_1_58_1","doi-asserted-by":"publisher","DOI":"10.1007\/11817963_38"},{"key":"e_1_3_2_1_59_1","doi-asserted-by":"publisher","DOI":"10.1145\/331960.331965"},{"key":"e_1_3_2_1_60_1","doi-asserted-by":"publisher","DOI":"10.1007\/978-3-540-89862-7_1"},{"key":"e_1_3_2_1_61_1","doi-asserted-by":"publisher","DOI":"10.5555\/1324770"},{"key":"e_1_3_2_1_62_1","doi-asserted-by":"crossref","unstructured":"S. Turner and T. Polk. 2011. Prohibiting Secure Sockets Layer (SSL) Version 2.0. (March 2011). https:\/\/tools.ietf.org\/html\/rfc6176","DOI":"10.17487\/rfc6176"},{"key":"e_1_3_2_1_63_1","volume-title":"Retrieved","author":"wolfSSL Inc.","year":"2016","unstructured":"wolfSSL Inc. 2016. wolfSSL. (2016). Retrieved October 30, 2016 from https:\/\/www.wolfssl.com"},{"key":"e_1_3_2_1_64_1","doi-asserted-by":"publisher","DOI":"10.1145\/1993498.1993532"},{"key":"e_1_3_2_1_65_1","volume-title":"Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. (January","author":"Yee P.","year":"2013","unstructured":"P. Yee. 2013. Updates to the Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile. (January 2013). https:\/\/tools.ietf.org\/html\/rfc6818"}],"event":{"name":"ICSE '18: 40th International Conference on Software Engineering","location":"Gothenburg Sweden","acronym":"ICSE '18","sponsor":["SIGSOFT ACM Special Interest Group on Software Engineering","IEEE-CS Computer Society"]},"container-title":["Proceedings of the 40th International Conference on Software Engineering"],"original-title":[],"link":[{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3180155.3180226","content-type":"unspecified","content-version":"vor","intended-application":"text-mining"},{"URL":"https:\/\/dl.acm.org\/doi\/pdf\/10.1145\/3180155.3180226","content-type":"unspecified","content-version":"vor","intended-application":"similarity-checking"}],"deposited":{"date-parts":[[2025,6,18]],"date-time":"2025-06-18T01:08:19Z","timestamp":1750208899000},"score":1,"resource":{"primary":{"URL":"https:\/\/dl.acm.org\/doi\/10.1145\/3180155.3180226"}},"subtitle":[],"short-title":[],"issued":{"date-parts":[[2018,5,27]]},"references-count":65,"alternative-id":["10.1145\/3180155.3180226","10.1145\/3180155"],"URL":"https:\/\/doi.org\/10.1145\/3180155.3180226","relation":{},"subject":[],"published":{"date-parts":[[2018,5,27]]},"assertion":[{"value":"2018-05-27","order":2,"name":"published","label":"Published","group":{"name":"publication_history","label":"Publication History"}}]}}