Message152068
Original e-mail from Apple security team:
> Follow-up: 187806281
>
> SSL 3.0 and TLS 1.0 are vulnerable to an attack described at
>
> http://www.openssl.org/~bodo/tls-cbc.txt
>
> OpenSSL includes a countermeasure which prevents the attack, but python
> 2.7 has, around line 372 of Modules/_ssl.c:
>
> SSL_CTX_set_options(self->ctx, SSL_OP_ALL);
>
> SSL_OP_ALL includes SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS which disables the
> countermeasure.
>
> 2.6 is similar.

Date | User | Action | Args
2012-01-27 08:25:54 | pitrou | set | recipients: + pitrou, loewis, barry, benjamin.peterson
2012-01-27 08:25:53 | pitrou | set | messageid: <1327652753.95.0.174471030951.issue13885@psf.upfronthosting.co.za>
2012-01-27 08:25:53 | pitrou | link | issue13885 messages
2012-01-27 08:25:52 | pitrou | create |