|
From: | Daniel Stenberg |
Subject: | Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD |
Date: | Tue, 24 Jan 2012 00:06:09 +0100 (CET) |
User-agent: | Alpine 2.00 (DEB 1167 2008-08-23) |
On Tue, 24 Jan 2012, Nikos Mavrogiannopoulos wrote:
Note however that the combination of the cipher ARCFOUR with SSL 3.0 and TLS 1.0 is not vulnerable to these attacks. Thus a string to use when SSL 3.0 is required could be "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128".
Is ARCFOUR more likely to work with old/buggy servers than the "hacks" you mentioned?
-- / daniel.haxx.se
[Prev in Thread] | Current Thread | [Next in Thread] |