Hi Steve,
I am also seeing AES along with GCM and RC4 in my search if I disable
CBC. So can it guarantee that still client and server can communicate. Also
if I use both end points as having same version of openssl than also there
can be any problem.
Regards,
Alok
On Tue, Nov 12, 2013 at 8:2
Hi Steve,
Thanks for reply. Do you have idea how CBC ciphers can be disabled?
Regards,
Alok
On Tue, Nov 12, 2013 at 8:23 PM, Dr. Stephen Henson wrote:
> On Tue, Nov 12, 2013, Alok Sharma wrote:
>
> > One of the openSSL vulnerabilities is:
> >
> > CVE-2013-0169:
> >
> > The TLS protocol 1
On Tue, Nov 12, 2013, Alok Sharma wrote:
> One of the openSSL vulnerabilities is:
>
> CVE-2013-0169:
>
> The TLS protocol 1.1 and 1.2 and the DTLS protocol 1.0 and 1.2, as used
> in OpenSSL, , do not properly consider timing side-channel attacks on a MAC
> check requirement during the process
