[PATCH] slaying the BEAST (TLS 1.0 exploiting)
ssehic at gmail.com
Sat Oct 1 05:52:37 UTC 2011
You've probably heard it already. SSL was hacked and broken. You can
read about it at

Some more commentary at

As it turns out, OpenSSL people implemented a fix for this almost 10
years ago. Details at http://www.openssl.org/~bodo/tls-cbc.txt

Attached is a patch against 1.0.6 which introduces
"ssl_dont_insert_empty_fragments" flag to control whether this
workaround is enabled or not. Currently, it was hardcoded to disabled.
This patch makes it optional.

Note: this patch breaks certain old browsers which choke on the
workaround. This was tested with IE6.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 2748 bytes
Desc: not available
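
The workaround the message refers to, modelled as an added example (not part of the original message, and not nginx or OpenSSL code): in TLS 1.0 the IV of a CBC record is the last ciphertext block of the previous record, and the empty fragment puts a MAC-only record in front of the data so that the data's IV is not on the wire before the data is written. `Tls10CbcWriter`, `toy_block_encrypt` and `data_iv_was_on_wire` are hypothetical names; the block cipher is a keyed-hash stand-in and the MAC input is simplified.

```python
import hashlib
import hmac
import os

BLOCK = 16  # AES-sized cipher block


def toy_block_encrypt(key, block):
    # Constructed stand-in for the cipher's encrypt direction (a keyed PRF);
    # the standard library has no AES and only encryption is modelled here.
    return hmac.new(key, block, hashlib.sha256).digest()[:BLOCK]


class Tls10CbcWriter:
    """Simplified model of a TLS 1.0 CBC write state (hypothetical class)."""

    def __init__(self, insert_empty_fragments):
        self.enc_key, self.mac_key = os.urandom(16), os.urandom(20)
        self.iv = os.urandom(BLOCK)  # initial IV comes from the secret key block
        self.seq = 0
        self.insert_empty_fragments = insert_empty_fragments
        self.wire_blocks = set()     # every ciphertext block sent so far

    def _record(self, payload):
        # MAC, then pad, then CBC-encrypt; MAC input simplified to seq || payload.
        mac = hmac.new(self.mac_key, self.seq.to_bytes(8, "big") + payload,
                       hashlib.sha1).digest()
        body = payload + mac
        pad_len = (-(len(body) + 1)) % BLOCK
        body += bytes([pad_len]) * (pad_len + 1)
        iv_used, prev, out = self.iv, self.iv, []
        for i in range(0, len(body), BLOCK):
            mixed = bytes(a ^ b for a, b in zip(body[i:i + BLOCK], prev))
            prev = toy_block_encrypt(self.enc_key, mixed)
            out.append(prev)
        self.iv = prev  # TLS 1.0: last ciphertext block is the next record's IV
        self.seq += 1
        self.wire_blocks.update(out)
        return iv_used, b"".join(out)

    def write(self, data):
        # With the workaround, a zero-length record precedes each data record.
        records = [self._record(b"")] if self.insert_empty_fragments else []
        records.append(self._record(data))
        return records


def data_iv_was_on_wire(writer, data):
    seen = set(writer.wire_blocks)  # blocks an observer holds before the write
    return writer.write(data)[-1][0] in seen
```

With HMAC-SHA1 and 16-byte blocks the empty fragment costs one extra 32-byte record body per write, which is the record some old clients fail to handle.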