|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Martin Schmitt (Schmitt Systems) (mas
scsy.de)
Date: Mon Dec 03 2007 - 08:03:32 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Victor Duchovni schrieb:
> But this does not concretely address the OP's problem. In this case there
> is a post-handshake bug in the SSL 3DES cipher implementation in most
> fielded Microsoft systems (they don't usefully support anything other
> than RC4). The bug results in 5 clear-text bytes from application memory
> leaking into SSL application data messages after the valid ciphertext. The
> resulting data stream is no longer a sequence of SSL/TLS messages and
> so the connection breaks immediately after the HELO response (first
> post-handshake reply from the server).
>
> When using TLS with Microsoft Crypto-API systems that predate Windows
> Server 2007 or Vista, one must accept the use of RC4.
Thanks Victor for taking your time to explain the situation.
Best regards,
-martin
--
Martin Schmitt - Schmitt Systemberatung - http://www.scsy.de
DE 35415 Pohlheim, Gießener Str. 18
DE 65307 Bad Schwalbach, Am Bräunchesberg 9
Linux/UNIX - Internet - E-Mail Infrastructure - Antispam/Antivirus
- "What goes up, must come down. Ask any system administrator." -
- application/pgp-signature attachment: OpenPGP digital signature
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]