cURL / Mailing Lists / curl-users / Single Mail

curl-users

Regarding "--ssl-allow-beast" option

From: Gokhan Sengun <gokhansengun_at_gmail.com>
Date: Thu, 15 Mar 2012 10:00:06 +0200

Hello Folks,

I see from git repo that there is "--ssl-allow-beast" option added so that
users can bypass vulnerability mentioned below.

https://mail.google.com/mail/?shva=1#search/7.24/1350f898a669978d

My web server (unfortunately) is no exception to most of the servers in the
world and vulnerable to this attack. My customer uses curl for specific
purposes and I have to give him this option so that he can still
communicate with the web server with > curl 7.25.

My question is, can I write this option into my documentation? Is it
already discussed and fixed that this string will be used in official curl
7.25?

Thanks.

-- 
it is twice as difficult to debug a program as to write it. Therefore, if
you put all of your creativity and effort into writing the program, you are
not smart enough to debug it.

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-users
FAQ: http://curl.haxx.se/docs/faq.html
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2012-03-15

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: Regarding "--ssl-allow-beast" option"
Previous message: Daniel Stenberg: "Re: Integrating with QNX"
Next in thread: Daniel Stenberg: "Re: Regarding "--ssl-allow-beast" option"
Reply: Daniel Stenberg: "Re: Regarding "--ssl-allow-beast" option"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]