BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

Hello,


Our Nessus version ?6.4.1 is detecting a BEAST vulnerability against OpenSSL?1.0.1e. ?The source code defines?SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS as 0x00000800L and several tests are made for this value in the code. ?The CHANGES mentions though that this had some side effects, the option now being part of SSL_OP_ALL. ?It would look like, from the scan, that the fragments are not enabled by default, could it be ?


Thanks.
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux