-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(2011/09/23 1:14), Martin Bosslet wrote:
> A well-known vulnerability of TLS v1.0 and earlier has recently
> gained some attention:
> 
> http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

I think the thread here would be better than media articles.
http://www.ietf.org/mail-archive/web/tls/current/msg08032.html

My current BEAST understanding is: "TLS/SSL CBC IV chaining +
victim/attacker multiplexed onto a single TLS/SSL connection on
Browser (SSL client side) + CPA(Chosen-plaintext Attack)" but we
should wait the conference session today. Done already?

For existing TLS/SSL + CBC IV vuln issue, I rarely set
SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS since clients I write don't allow
CPA by attacker. In ossl, when an attacker can have the same
SSLSession object with a victim, the attacker can sniff plaintext
easier in another way. I do the same for servers.

But yeah, using this option correctly must be hard for Ruby users. It
would be better to turn the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS bit off
by default. We might get some claims, but we can explain the reason.

> What do you propose? Should we solve this before the 1.9.3 release?
> 
Let's wait the session and see how other SSL clients (mainly Browsers)
and SSL servers(OpenSSL project) reacts.

// NaHi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)

iQEcBAEBAgAGBQJOe9GyAAoJEC7N6P3yLbI2yGUH/0BWS2Fvzpvuy22ul9uQPyBC
Jocp+T+UeuJDZVxf0qzAbl7TLKCH8iVbA16nsy5LmH9Dq41mzJwPn8o0hmCaQXOu
UZh8MFp4T9VfDZlIF/3RwYB35amGrrSr5xc4IxQ60o2GhIutiIIrU6ZfrqUG7FJY
kEty4pnAba2e4fpwgVlA/1K7R+0QJe37fRhvzQ3DGIIXBNbGso3L8zfCmanck4N2
9hP2ftMyeFhb199+kaB9IKfyYzwKIPlKLRdmAxTOrzllu0INRMzgnUoddHDIbixi
B6E1TV2B1Cfh0p07sP3gTZyykaZLQfNuEcxLA6PohHv3asnYEz3ddWZJjGU1lxU=
=fwTo
-----END PGP SIGNATURE-----