SSL_CTX_set_options.pod (72613) | SSL_CTX_set_options.pod (76866) |
---|---|
1=pod 2 3=head1 NAME 4 5SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options 6 7=head1 SYNOPSIS 8 --- 39 unchanged lines hidden (view full) --- 48is different from the one decided upon. 49 50=item SSL_OP_NETSCAPE_CHALLENGE_BUG 51 52Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte 53challenge but then appears to only use 16 bytes when generating the 54encryption keys. Using 16 bytes is ok but it should be ok to use 32. 55According to the SSLv3 spec, one should use 32 bytes for the challenge | 1=pod 2 3=head1 NAME 4 5SSL_CTX_set_options, SSL_set_options, SSL_CTX_get_options, SSL_get_options - manipulate SSL engine options 6 7=head1 SYNOPSIS 8 --- 39 unchanged lines hidden (view full) --- 48is different from the one decided upon. 49 50=item SSL_OP_NETSCAPE_CHALLENGE_BUG 51 52Netscape-Commerce/1.12, when talking SSLv2, accepts a 32 byte 53challenge but then appears to only use 16 bytes when generating the 54encryption keys. Using 16 bytes is ok but it should be ok to use 32. 55According to the SSLv3 spec, one should use 32 bytes for the challenge |
56when opperating in SSLv2/v3 compatablity mode, but as mentioned above, | 56when operating in SSLv2/v3 compatibility mode, but as mentioned above, |
57this breaks this server so 16 bytes is the way to go. 58 59=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 60 61ssl3.netscape.com:443, first a connection is established with RC4-MD5. 62If it is then resumed, we end up using DES-CBC3-SHA. It should be 63RC4-MD5 according to 7.6.1.3, 'cipher_suite'. 64 --- 119 unchanged lines hidden --- | 57this breaks this server so 16 bytes is the way to go. 58 59=item SSL_OP_NETSCAPE_REUSE_CIPHER_CHANGE_BUG 60 61ssl3.netscape.com:443, first a connection is established with RC4-MD5. 62If it is then resumed, we end up using DES-CBC3-SHA. It should be 63RC4-MD5 according to 7.6.1.3, 'cipher_suite'. 64 --- 119 unchanged lines hidden --- |