[PATCH] slaying the BEAST (TLS 1.0 exploiting)
mdounin at mdounin.ru
Sat Oct 1 09:50:57 UTC 2011
On Sat, Oct 01, 2011 at 07:52:37AM +0200, Srebrenko Šehić wrote:
> You've probably heard it already. SSL was hacked and broken. You can
> read about it at
> Some more commentary at
> As it turns out, OpenSSL people implemented a fix for this almost 10
> years ago. Details at http://www.openssl.org/~bodo/tls-cbc.txt
> Attached is a patch against 1.0.6 which introduces
> "ssl_dont_insert_empty_fragments" flag to control whether this
> workaround is enabled or not. Currently, it was hardcoded to disabled.
> This patch makes it optional.
> Note: this patch breaks certain old browsers which choke on the
> workaround. This was tested with IE6.
The patch won't help to stop BEAST (CVE-2011-3389); you need a fix
on the *client* side to stop it. More details about the attack
may be found here:
The only server-side workaround I'm currently aware of is using
non-CBC ciphers, i.e.
(Of course, migrating to TLS 1.1+ is a better option, but it's
not yet here.)
For OpenSSL's "insert empty fragments" workaround on the server
side, the situation hasn't changed much since 2003: there is a problem,
there are no known attacks, and the workaround causes major
(Probably working on a better workaround in OpenSSL would be a good
idea. It looks like Chrome's one-byte one causes much less