To sum up what I've learned until now:
- There are workarounds that openssl implements, but major applications
  (including apache) disable them, so they're mostly worthless
- All workarounds on AES-CBC have problems, chrome and firefox discuss
  how to handle it, the only real fix is TLS 1.1/1.2
- The interim solution may be just disabling AES and rely on RC4.


So I'd like to repeat my question and hope some of the openssl devs
will answer:
When can we expect a TLS 1.1/1.2 enabled version? What's the status of
openssl 1.0.1?

-- 
Hanno Böck              mail/jabber: ha...@hboeck.de
GPG: BBB51E42           http://www.hboeck.de/

Attachment: signature.asc
Description: PGP signature

Reply via email to