oss-sec mailing list archives
Re: default cipher suites in curl
From: Michael Samuel <mik () miknet net>
Date: Mon, 7 Jul 2014 23:59:26 +1000
On 7 July 2014 22:05, Marcus Meissner <meissner () suse de> wrote:
This will only happen when the server either doesn't support stronger ciphers or when the server requests it's cipher order be honoured and chooses export ciphers first. An attacker can't trigger this with SSLv3 or TLS.I was more thinking of a man in the middle attack during the connection setup.
That only works with SSLv2. SSLv3 and TLSv1 won't allow this.
Current thread:
- default cipher suites in curl Marcus Meissner (Jul 01)
- Re: default cipher suites in curl Michael Samuel (Jul 06)
- Re: default cipher suites in curl Marcus Meissner (Jul 07)
- Re: default cipher suites in curl Michael Samuel (Jul 07)
- Re: default cipher suites in curl Marcus Meissner (Jul 07)
- Re: default cipher suites in curl Michael Samuel (Jul 06)