To sum up what I've learned until now:

- There are workarounds that openssl implements, but major applications (including apache) disable them, so they're mostly worthless
- All workarounds on AES-CBC have problems, chrome and firefox discuss how to handle it, the only real fix is TLS 1.1/1.2
- The interim solution may be just disabling AES and relying on RC4.

So I'd like to repeat my question and hope some of the openssl devs will answer: When can we expect a TLS 1.1/1.2 enabled version? What's the status of openssl 1.0.1?

--
Hanno Böck
mail/jabber: ha...@hboeck.de
GPG: BBB51E42
http://www.hboeck.de/