Jeffrey Walton :
> Is there a way to compile without the patch? I think I would rather
> 'config no=ssl3' and omit the additional complexity. It's additional
> protocol complexity and heartbleed is still fresh in my mind.
>
There's no way to compile without the patch, other than reverting it. It'
mancha :
> Bodo Moeller wrote:
>
> > I certainly think that the claim that "new SCSV does not help with
> > [the SSL 3.0 protocol issue related to CBC padding] at all" is wrong,
> > and that my statement that TLS_FALLBACK_SCSV can be used to counter
> > CVE-2014-3566 is right.
>
> The point is mo
Thanks for the patch.
Is there a way to compile without the patch? I think I would rather
'config no=ssl3' and omit the additional complexity. It's additional
protocol complexity and heartbleed is still fresh in my mind.
Also, are there any test cases that accompany the patch? I'm trying to
figure
> Again, this is not related to the question whether the fallback SCSV is a good
> idea. It is a procedural issue with CVE naming.
Then take it up with the CVE folks. Not here. :)
--
Principal Security Engineer, Akamai Technologies
IM: rs...@jabber.me Twitter: RichSalz
This is not quite the same discussion as in the TLS Working Group, but I
certainly think that the claim that "new SCSV does not help with [the SSL
3.0 protocol issue related to CBC padding] at all" is wrong, and that my
statement that TLS_FALLBACK_SCSV can be used to counter CVE-2014-3566 is
right.
On 10/16/2014 10:41 AM, Salz, Rich wrote:
Note that the CVE identifier was assigned to the SSL 3.0 protocol issue
related to CBC padding. The new SCSV does not help with that at all.
What? It prevents silently falling back to the broken protocol.
Perhaps we can keep this battle-thread just i
> Note that the CVE identifier was assigned to the SSL 3.0 protocol issue
> related to CBC padding. The new SCSV does not help with that at all.
What? It prevents silently falling back to the broken protocol.
Perhaps we can keep this battle-thread just in the TLS WG mail?
/r$
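As an added illustration of the point Rich makes above (this is not code from the thread or from Bodo's OpenSSL patch), the following small Python model shows why the fallback SCSV counters the POODLE downgrade even though it does not touch SSL 3.0's CBC padding. A client that has been forced to retry at a lower protocol version appends the signalling cipher suite value 0x56,0x00 to its ClientHello; a server that supports a higher version than the one offered answers with the inappropriate_fallback alert (code 86) instead of completing the handshake. The constants are those of the fallback SCSV draft that later became RFC 7507; the `Server`, `ClientHello` and `client_connect` names and the attacker model (`mitm_blocks_above`) are invented here for illustration.

```python
# Toy model of the TLS_FALLBACK_SCSV downgrade protection discussed in the thread.
# Illustrative simulation only, not code from the OpenSSL patch: Server,
# ClientHello and client_connect() are hypothetical names chosen for this example.
from dataclasses import dataclass
from typing import List, Optional, Tuple

SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600           # signalling cipher suite value {0x56, 0x00}
ALERT_HANDSHAKE_FAILURE = 40         # what a version-intolerant legacy server sends
ALERT_INAPPROPRIATE_FALLBACK = 86    # alert introduced together with the SCSV
AES128_SHA = 0x002F                  # TLS_RSA_WITH_AES_128_CBC_SHA, any real suite will do


@dataclass
class ClientHello:
    version: int                     # client_version field
    cipher_suites: List[int]


@dataclass
class Server:
    max_version: int
    intolerant: bool = False         # legacy bug: rejects ClientHellos above max_version
    knows_scsv: bool = True          # False models a pre-patch server that ignores 0x5600

    def handle(self, hello: ClientHello) -> Tuple[str, int]:
        if self.intolerant and hello.version > self.max_version:
            return ("alert", ALERT_HANDSHAKE_FAILURE)
        # SCSV present while the server supports something newer than
        # client_version means a downgrade happened on the wire: refuse it.
        if (self.knows_scsv and TLS_FALLBACK_SCSV in hello.cipher_suites
                and hello.version < self.max_version):
            return ("alert", ALERT_INAPPROPRIATE_FALLBACK)
        return ("server_hello", min(hello.version, self.max_version))


def client_connect(server: Server, max_version: int = TLS12, min_version: int = SSL3,
                   send_scsv: bool = True, mitm_blocks_above: Optional[int] = None):
    """Browser-style downgrade dance against `server`.

    mitm_blocks_above models the POODLE precondition: an active attacker drops
    every ClientHello whose version is above that value, so the client retries
    at the next lower version.  Returns (negotiated_version or None, transcript).
    """
    transcript = []
    version = max_version
    while version >= min_version:
        suites = [AES128_SHA]
        if send_scsv and version < max_version:
            suites.append(TLS_FALLBACK_SCSV)    # "this is a retry, not my best version"
        hello = ClientHello(version, suites)
        if mitm_blocks_above is not None and version > mitm_blocks_above:
            transcript.append((version, "dropped", None))
            version -= 1                         # timeout -> fall back
            continue
        kind, value = server.handle(hello)
        transcript.append((version, kind, value))
        if kind == "server_hello":
            return value, transcript
        if value == ALERT_INAPPROPRIATE_FALLBACK:
            return None, transcript              # downgrade detected: do not retry lower
        version -= 1                             # handshake_failure: legacy fallback
    return None, transcript


if __name__ == "__main__":
    # Pre-SCSV client, modern server, attacker forcing fallback: ends up on SSL 3.0 (POODLE).
    print(hex(client_connect(Server(TLS12), send_scsv=False, mitm_blocks_above=SSL3)[0]))
    # Same attack with the SCSV understood on both sides: the SSL 3.0 hello is refused.
    print(client_connect(Server(TLS12), mitm_blocks_above=SSL3))
```

The model also shows the two caveats a practitioner would raise: a server that does not understand the SCSV (`knows_scsv=False`) still lets the attacker land the connection on SSL 3.0, so the protection is only as good as its deployment on both ends, and a server that genuinely tops out at TLS 1.0 or SSL 3.0 still negotiates normally, because the SCSV only fires when the offered version is below what the server supports.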
On 10/15/2014 01:46 AM, Bodo Moeller wrote:
Here's a patch for the OpenSSL 1.0.1 branch that adds support for
TLS_FALLBACK_SCSV, which can be used to counter the POODLE attack
(CVE-2014-3566; https://www.openssl.org/~bodo/ssl-poodle.pdf).
Note that the CVE identifier was assigned to the SSL 3.0
mancha :
> Any reason for the s_client -fallback_scsv option check to be within an
> #ifndef OPENSSL_NO_DTLS1 block?
Thanks for catching this. No, there's no good reason for that; I should
move it elsewhere.
Bodo