BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 19/08/2015 16:37, Salz, Rich wrote:
> Try this as a starting point: https://security.ias.edu/poodle-and-beast-isnt-love-story-sslv3-cipher-vulnerability
> _______________________________________________
> openssl-users mailing list
> To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
That's just some guy pontificating before the SCSV
countermeasure was available.  Absolutely no technical
arguments.

The list of "sources" is equally random and non-detailed
as to why there is nothing salvageable.  For instance, one
is a link where Bodo Moeller explains why something
like the _EMPTY_FRAGMENTS countermeasure is needed for the
IV issue.

I know a lot of people said the sky was falling, I am
trying to remember why.

Enjoy
Jakob
-- 
Jakob Bohm, CIO, Partner, WiseMo A/S.  http://www.wisemo.com
Transformervej 29, 2860 S?borg, Denmark.  Direct +45 31 13 16 10
This public discussion message is non-binding and may contain errors.
WiseMo - Remote Service Management for PCs, Phones and Embedded



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux