Forum List Message List New Topic Print View

Srebrenko Šehić

October 02, 2011 01:30PM

On Sun, Oct 2, 2011 at 4:38 PM, Maxim Dounin <mdounin@mdounin.ru> wrote:

Hi,

> The quote is correct, but as you probably noticed it doesn't say
> anywhere that this workaround should be used on server to prevent
> BEAST. It should be used on sending side, i.e. client in case of
> BEAST.

Yes I did notice. Different sources on the Internet state different
things. However, the general consensus does say that it's a client
side only.

> It may make sense, but right now it's at least misleading: people
> may think they are safe from BEAST with this workaround enabled on
> server, while they are not.

You have me convinced. Let's forget about the patch for now.

Thanks for your input Maxim. Highly appreciated.

Cheers,
Srebrenko

_______________________________________________
nginx-devel mailing list
nginx-devel@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx-devel

Reply Quote

RSS

Subject	Author	Views	Posted
[PATCH] slaying the BEAST (TLS 1.0 exploiting)	Srebrenko Šehić	4035	October 01, 2011 01:54AM
Re: [PATCH] slaying the BEAST (TLS 1.0 exploiting)	Maxim Dounin	2883	October 01, 2011 05:52AM
Re: [PATCH] slaying the BEAST (TLS 1.0 exploiting)	Srebrenko Šehić	1068	October 02, 2011 09:32AM
Re: [PATCH] slaying the BEAST (TLS 1.0 exploiting)	Maxim Dounin	1207	October 02, 2011 10:40AM
Re: [PATCH] slaying the BEAST (TLS 1.0 exploiting)	Srebrenko Šehić	2127	October 02, 2011 01:30PM

Sorry, you do not have permission to post/reply in this forum.

Online Users

miloscvj , thippeswamyks

Guests: 303

Record Number of Users: 8 on April 13, 2023

Record Number of Guests: 421 on December 02, 2018

[PATCH] slaying the BEAST (TLS 1.0 exploiting)

Re: [PATCH] slaying the BEAST (TLS 1.0 exploiting)

Re: [PATCH] slaying the BEAST (TLS 1.0 exploiting)

Re: [PATCH] slaying the BEAST (TLS 1.0 exploiting)

Re: [PATCH] slaying the BEAST (TLS 1.0 exploiting)

Online Users