Dear Mr. Moeller,
I totally agree that it is an IE bug but unfortunately
we have to live with IE(!) and so by Microsoft doctrine (!)
it's the other programs that interact with IE that have bugs ...
Seriously, I wish to thank you and the other people in the ssl
development team for your effort and resolve to fix this annoyance,
Thanks a lot,
E.I.Sarmas
----- Original Message -----
From: "Bodo Moeller via RT" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>; <[EMAIL PROTECTED]>
Cc: <[EMAIL PROTECTED]>
Sent: Πέμπτη, 13 Ιουνίου 2002 12:18 μμ
Subject: [openssl.org #87] openssl 0.9.6b to 0.9.6d with IE5.5 and IE6 and
3DES-CBC-SHA hangs
>
> [[EMAIL PROTECTED] - Fri Jun 7 14:22:15 2002]:
>
> > even though Netscape still works, this should be considered a bug
> since
> > IE is now broken when in the past it worked fine
>
> It is a bug in IE, not in OpenSSL. Note that the problem is avoided
> when using RC4 ciphersuites, and these are typically preferred by most
> clients anyway. However OpenSSL clients prefer 3DES ciphersuites by
> default, so interoperability problems of OpenSSL clients with broken
> servers must be expected.
>
> Future versions of OpenSSL will be modified so that the CBC security
> workaround that caused these problems with some broken SSL/TLS
> implementations can be disabled. We have to decide whether to give
> higher priority to security (enable the workaround by default and let
> applications that don't need it, such is Apache with mod_ssl or
> Apache-SSL, disable it) or to interoperability (disable the workaround
> by default and rely on applications to enable it when it is needed).
>
______________________________________________________________________
OpenSSL Project http://www.openssl.org
Development Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
