libmicrohttpd

Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MH


From: Nikos Mavrogiannopoulos
Subject: Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD
Date: Tue, 24 Jan 2012 00:23:26 +0100
User-agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.24) Gecko/20111114 Icedove/3.1.16

On 01/24/2012 12:06 AM, Daniel Stenberg wrote:

> On Tue, 24 Jan 2012, Nikos Mavrogiannopoulos wrote:
> 
>> Note however that the combination of the cipher ARCFOUR with SSL 3.0
>> and TLS 1.0 is not vulnerable to these attacks. Thus a string to use
>> when SSL 3.0 is required could be
>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128".
> Is ARCFOUR more likely to work with old/buggy servers than the "hacks"
> you mentioned?

I can only speculate because I haven't really tested it. Given that this
is a string for legacy servers, and SSL 3.0 originally only supported
ARCFOUR and 3DES, you could have an issue with servers that only support
3DES. I've not seen such a server so far (although I've seen many
servers that only support ARCFOUR).

regards,
Nikos


