Date: Wed, 2 May 2012 22:01:49 +0100
From: Matt Dawson <matt@chronos.org.uk>
To: freebsd-security@freebsd.org
Subject: Re: OpenSSL and Heimdal
Message-ID: <201205022201.50506.matt@chronos.org.uk>
In-Reply-To: <4FA12C1E.3030102@gmail.com>
References: <CA%2BQLa9Asg0GkKKihhXLwpwOGz1T3u%2BJWhqo66L0M1denkeBq_Q@mail.gmail.com> <4FA12C1E.3030102@gmail.com>

On Wednesday 02 May 2012 13:44:14 Volodymyr Kostyrko wrote:
> And will we ever support TLS v1.[12]? BEAST attack
> seems to be not so far from most of us

mod_gnutls in ports. Setup is simple for Apache. Prefer the RC4 cipher which secures SSLv3 against BEAST. This setup on my own HTTPS servers passes Qualys' own tests with an A rating of 87 and tells me BEAST is mitigated, although the thing still gives me an error on session resumption which I know damned well works. It's all there for server side in ports.

TLSv1.[1|2] is pretty pointless right now as only IE supports it in any meaningful way and even that is disabled OOB. Setting RC4 as the preferred cipher is about the best you can do right now.

-- 
Matt Dawson
GW0VNR
MTD15-RIPE
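
Added example, not part of the original message or of any project's code: a small Python model of how cipher preference order decides whether a handshake ends up on a CBC suite under SSLv3/TLS 1.0, the combination BEAST depends on. The function names, the server preference list and the three client profiles are constructed for illustration; the suite names are standard IANA names.

```python
# Added illustration: all names and sample data here are constructed.
from typing import Optional

# Protocol versions where the CBC IV is chained from the previous record.
BEAST_PROTOCOLS = {"SSLv3", "TLSv1.0"}


def is_cbc(suite: str) -> bool:
    """IANA suite names carry the mode; RC4 (stream) suites have no _CBC_."""
    return "_CBC_" in suite


def negotiate(server_pref: list, client_offer: list,
              honor_server_order: bool) -> Optional[str]:
    """Return the suite the handshake settles on, or None if no overlap."""
    if honor_server_order:
        first, second = server_pref, client_offer
    else:
        first, second = client_offer, server_pref
    return next((s for s in first if s in second), None)


def beast_exposed(protocol: str, suite: Optional[str]) -> bool:
    """CBC suite on SSLv3/TLS 1.0 is the exposed combination."""
    return suite is not None and protocol in BEAST_PROTOCOLS and is_cbc(suite)


def audit(server_pref: list, clients: dict, honor_server_order: bool = True) -> dict:
    """Map each client profile to (negotiated suite, exposed?)."""
    report = {}
    for name, (protocol, offer) in clients.items():
        suite = negotiate(server_pref, offer, honor_server_order)
        report[name] = (suite, beast_exposed(protocol, suite))
    return report


# Constructed server preference: RC4 first, CBC as fallback.
SERVER_PREF = ["TLS_RSA_WITH_RC4_128_SHA", "TLS_RSA_WITH_AES_128_CBC_SHA"]
# Constructed client profiles: (protocol, suites in the client's own order).
CLIENTS = {
    "offers-rc4": ("TLSv1.0", ["TLS_RSA_WITH_AES_128_CBC_SHA",
                               "TLS_RSA_WITH_RC4_128_SHA"]),
    "cbc-only": ("TLSv1.0", ["TLS_RSA_WITH_AES_128_CBC_SHA"]),
    "tls11-cbc": ("TLSv1.1", ["TLS_RSA_WITH_AES_128_CBC_SHA"]),
}

if __name__ == "__main__":
    for label, honor in (("server-order", True), ("client-order", False)):
        for name, (suite, exposed) in audit(SERVER_PREF, CLIENTS, honor).items():
            print(f"{label:13} {name:11} {suite} exposed={exposed}")
```

In this model the RC4-first list only helps when the server enforces its own order and the client offers RC4; a CBC-only TLS 1.0 client still lands on the CBC fallback.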