On Nov 22, 2012, at 13:29 , "Dr. Stephen Henson" wrote:
>
> So you're saying it does *NOT* set SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS? That
> should be OK then as inserting empty fragments is one way of preventing the
> BEAST attack but some servers can't handle it.
That's correct, curl does NOT s
On Tue, Nov 20, 2012, Rainer Canavan wrote:
>
> On Nov 20, 2012, at 12:47 , "Dr. Stephen Henson" wrote:
>
> > On Tue, Nov 20, 2012, Dr. Stephen Henson wrote:
> >
> >> On Fri, Nov 16, 2012, Rainer Canavan wrote:
> >>
> >>>
> >>> Since openssl is part of a product that we ship, would you consi
On Nov 20, 2012, at 12:47 , "Dr. Stephen Henson" wrote:
> On Tue, Nov 20, 2012, Dr. Stephen Henson wrote:
>
>> On Fri, Nov 16, 2012, Rainer Canavan wrote:
>>
>>>
>>> Since openssl is part of a product that we ship, would you consider moving
>>> RC4-MD5 to the front of the cipher list by defau
On Tue, Nov 20, 2012, Dr. Stephen Henson wrote:
> On Fri, Nov 16, 2012, Rainer Canavan wrote:
>
> >
> > Since openssl is part of a product that we ship, would you consider moving
> > RC4-MD5 to the front of the cipher list by default a good idea, or are there
> > drawbacks that I overlooked, or
On Fri, Nov 16, 2012, Rainer Canavan wrote:
>
> Since openssl is part of a product that we ship, would you consider moving
> RC4-MD5 to the front of the cipher list by default a good idea, or are there
> drawbacks that I overlooked, or would this even be preferred, since RC4 has
> been propagated
On Nov 15, 2012, at 18:04 , "Dr. Stephen Henson" wrote:
> The -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH option was a quick hack to work around
> some broken servers. It may not be needed now many have been fixed and
> applications where you have some control over the connection parameters
> don't really
On Wed, Nov 14, 2012, Rainer Canavan wrote:
> We compile our application with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to avoid the
> server hang described in the Changelog for 1.0.1a. However, I have now encountered
> a server that fails to handshake with openssl (the command line tool or e.
We compile our application with -DOPENSSL_MAX_TLS1_2_CIPHER_LENGTH=50 to avoid the
server hang described in the Changelog for 1.0.1a. However, I have now encountered
a server that fails to handshake with openssl (the command line tool or e.g. curl
linked against libopenssl) if openssl has bee