Hi Steve,
I am also seeing AES along with GCM and RC4 in my search if I disable
CBC. So can it guarantee that still client and server can communicate. Also
if I use both end points as having same version of openssl than also there
can be any problem.
Regards,
Alok
On Tue, Nov 12, 2013 at
Hi Steve,
Thanks for reply. Do you have idea how CBC ciphers can be disabled?
Regards,
Alok
On Tue, Nov 12, 2013 at 8:23 PM, Dr. Stephen Henson st...@openssl.orgwrote:
On Tue, Nov 12, 2013, Alok Sharma wrote:
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS
On Tue, Nov 12, 2013, Alok Sharma wrote:
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
check requirement during the processing of
One of the openSSL vulnerabilities is:
CVE-2013-0169:
The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
check requirement during the processing of malformed CBC padding, which
allows remote