[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MH

From: Nikos Mavrogiannopoulos
Subject: Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD
Date: Tue, 24 Jan 2012 00:07:48 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20111114 Icedove/3.1.16

On 01/23/2012 11:51 PM, Nikos Mavrogiannopoulos wrote:

> You cannot. SSL 3.0 and TLS 1.0 are vulnerable to this attack. TLS 1.1
> and later versions aren't. There are hacks to mitigate the impact (only
> on the outgoing packets), but were removed from gnutls once TLS 1.1 was
> introduced (because they were causing issues with old servers).

Note however that the combination of the cipher ARCFOUR with SSL 3.0 and
TLS 1.0 is not vulnerable to these attacks. Thus a string to use when
SSL 3.0 is required could be


reply via email to

[Prev in Thread] Current Thread [Next in Thread]