[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MH

From: Nikos Mavrogiannopoulos
Subject: Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD
Date: Tue, 24 Jan 2012 00:23:26 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv: Gecko/20111114 Icedove/3.1.16

On 01/24/2012 12:06 AM, Daniel Stenberg wrote:

> On Tue, 24 Jan 2012, Nikos Mavrogiannopoulos wrote:
>> Note however that the combination of the cipher ARCFOUR with SSL 3.0
>> and TLS 1.0 is not vulnerable to these attacks. Thus a string to use
>> when SSL 3.0 is required could be
> Is ARCFOUR more likely to work with old/buggy servers than the "hacks"
> you mentioned?

I can only speculate because I haven't really tested it. Given that this
is a string for legacy servers, and SSL 3.0 originally only supported
ARCFOUR and 3DES, you could have an issue with servers that only support
3DES. I've not seen such a server so far (although I've seen many
servers that only support ARCFOUR).


reply via email to

[Prev in Thread] Current Thread [Next in Thread]