Message229380
On the Web, there is indeed a good reaction time to security issues (especially in large providers). That may not be the case for all the other SSL services out there.
Since TLS_FALLBACK_SCSV is the recommended solution (not to mention it will work against other attacks), do you know if it's being implemented in OpenSSL? I would be surprised if nobody did it. |
|
Date |
User |
Action |
Args |
2014-10-14 23:25:20 | pitrou | set | recipients:
+ pitrou, janssen, vstinner, giampaolo.rodola, christian.heimes, alex, dstufft |
2014-10-14 23:25:20 | pitrou | set | messageid: <1413329120.44.0.753005134494.issue22638@psf.upfronthosting.co.za> |
2014-10-14 23:25:20 | pitrou | link | issue22638 messages |
2014-10-14 23:25:20 | pitrou | create | |
|