On Fri, Jan 29, 2010, Brandt Springman wrote: > Also would anyone know if the the implicit IV specified in tls1.0 has > been replaced (or is going to be ) with an > > explicit IV to protect against CBC attacks? >
That's part of TLS v1.1. There is currently an experimental implementation of TLS v1.1 in HEAD which will be backported to 1.0.1 at some point. Other versions of OpenSSL using TLS 1.0 or earlier can work around the CBC issue by sending empty fragments though some implementations are known to have problems with them. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
