Re: alleged attack on TLS

help-gnutls

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: alleged attack on TLS

From:	Nikos Mavrogiannopoulos
Subject:	Re: alleged attack on TLS
Date:	Fri, 23 Sep 2011 21:37:48 +0200
User-agent:	Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.2.21) Gecko/20110831 Icedove/3.1.13

On 09/23/2011 02:52 PM, Stephane Bortzmeyer wrote:

* Disable SSL 3.0 and TLS 1.0

So, with mod_gnutls, you suggest:
GnuTLSPriorities NORMAL:!VERS-TLS1.0:!VERS-SSL3.0

As I said this before this would enforce the secure modes and if cannotbe negotiated will fail. An alternative approach would be to all the"NORMAL" priorities and if TLS1.0 or SSL3.0 are negotiated warn the peerwith an application protocol message (i.e. in case of a web server witha special web page) and close the connection.



regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

alleged attack on TLS, Nikos Mavrogiannopoulos, 2011/09/21
- Re: alleged attack on TLS, Stephane Bortzmeyer, 2011/09/23
  - Re: alleged attack on TLS, Nikos Mavrogiannopoulos, 2011/09/23
  - Re: alleged attack on TLS, Nikos Mavrogiannopoulos <=

Prev by Date: Re: alleged attack on TLS
Next by Date: Protocol for renewing CA certs
Previous by thread: Re: alleged attack on TLS
Next by thread: compilation error
Index(es):
- Date
- Thread