curl-library

Re: [libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD

From: Nikos Mavrogiannopoulos <nmav_at_gnutls.org>
Date: Tue, 24 Jan 2012 00:23:26 +0100

On 01/24/2012 12:06 AM, Daniel Stenberg wrote:

> On Tue, 24 Jan 2012, Nikos Mavrogiannopoulos wrote:
>
>> Note however that the combination of the cipher ARCFOUR with SSL 3.0
>> and TLS 1.0 is not vulnerable to these attacks. Thus a string to use
>> when SSL 3.0 is required could be
>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128".
>
> Is ARCFOUR more likely to work with old/buggy servers than the "hacks"
> you mentioned?

I can only speculate because I haven't really tested it. Given that this
is a string for legacy servers, and SSL 3.0 originally only supported
ARCFOUR and 3DES, you could have an issue with servers that only support
3DES. I've not seen such a server so far (although I've seen many
servers that only support ARCFOUR).

regards,
Nikos
Received on 2012-01-24