Can anyone comment on the below, especially whether this test should be
disabled when used with TLS 1.3 (modern access) and whether it is OK (a
wrong test definition) for 1.3 to actually handle the prefix attack request?
Regards,
Rainer
Am 20.10.2018 um 08:16 schrieb Rainer Jung:
Test
Test t/security/CVE-2009-3555.t (hardening against MITM
SSL-renegotiation) fails in 2.4.37 when actually using TLS 1.3.
It is not that easy to use TLS 1.3 for this test. The test uses a raw
SSL socket created by Net::SSL, but that module is outdated and does not
support TLS 1.3.
I patched