Hi, It seems some rumors are spreading about an attack presented later this week against sslv3/tlsv1.0: http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/
Whatever this attack looks like in detail, all news one can find at the moment suggest that only sslv3/tls 1.0 is affected and going to tls 1.1 or 1.2 should fix it. AFAIK, openssl current release 1.0.0 has no tls 1.2, but the planned openssl 1.0.1 should have. Which leads to the question: Is there a planned timeline for a 1.0.1 release and could this be accelerated if the issue turns out to be serious? -- Hanno Böck mail/jabber: ha...@hboeck.de GPG: BBB51E42 http://www.hboeck.de/
signature.asc
Description: PGP signature