alleged attack on TLS
Chris Palmer
snackypants at gmail.com
Wed Sep 21 19:43:31 CEST 2011
On Wed, Sep 21, 2011 at 1:19 AM, Nikos Mavrogiannopoulos
<n.mavrogiannopoulos at gmail.com> wrote:
> From information gathered here
> and there it seems the attack is a variation or an implementation of
> the Bard attack [0].
The BEAST developers say that they were inspired by Dai, not Bard. FWIW.
> If you are using GnuTLS and want to prevent such
> attacks you can do the following:
> * Make sure that TLS 1.1 or TLS 1.2 are not disabled (gnutls enables
> them by default, but because of compatibility issues with broken peers
> they are often disabled)
You can also use a non-CBC cipher suite, like RC4.
--
"These days, though, you have to be pretty technical before you can
even aspire to crudeness." — William Gibson
More information about the Gnutls-devel
mailing list