Re: [Bug-wget] SSL Poodle attack

bug-wget

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Bug-wget] SSL Poodle attack

From:	Petr Pisar
Subject:	Re: [Bug-wget] SSL Poodle attack
Date:	Wed, 15 Oct 2014 13:45:18 +0200
User-agent:	Mutt/1.5.23 (2014-03-12)

On Wed, Oct 15, 2014 at 11:57:47AM +0200, Tim Rühsen wrote:
> (means, the libraries defaults are used, whatever that is).
> 
> Should we break compatibility and map 'auto' to TLSv1 ?
> For the security of the users.

Please no. Instead of changing each TLS program, one should patch only the TLS
library. This is the reason why why have shared libraries.

So just report the issue to your vendor, he will fix few TSL implementations
he delivers and all application will get fixed automatically.

-- Petr

pgpH4L6JmoDKX.pgp
Description: PGP signature

[Prev in Thread]

Current Thread

[Next in Thread]

[Bug-wget] SSL Poodle attack, Tim Rühsen, 2014/10/15
- Re: [Bug-wget] SSL Poodle attack, Petr Pisar <=
  - Re: [Bug-wget] SSL Poodle attack, Tim Rühsen, 2014/10/15
    - Re: [Bug-wget] SSL Poodle attack, Daniel Kahn Gillmor, 2014/10/15
    - Re: [Bug-wget] SSL Poodle attack, Daniel Stenberg, 2014/10/15
    - Re: [Bug-wget] SSL Poodle attack, Daniel Kahn Gillmor, 2014/10/15
    - Re: [Bug-wget] SSL Poodle attack, Daniel Stenberg, 2014/10/15
    - Re: [Bug-wget] SSL Poodle attack, Tim Rühsen, 2014/10/16
    - [Bug-wget] [PATCH] V2 removed 'auto' SSLv3 also from OpenSSL code, Tim Rühsen, 2014/10/16
    - Re: [Bug-wget] [PATCH] V2 removed 'auto' SSLv3 also from OpenSSL code, Giuseppe Scrivano, 2014/10/19
    - Re: [Bug-wget] [PATCH] V2 removed 'auto' SSLv3 also from OpenSSL code, Tim Rühsen, 2014/10/19

Prev by Date: Re: [Bug-wget] wget --version doesn't show version
Next by Date: Re: [Bug-wget] SSL Poodle attack
Previous by thread: [Bug-wget] SSL Poodle attack
Next by thread: Re: [Bug-wget] SSL Poodle attack
Index(es):
- Date
- Thread