Re: Webdav over SSL; IIS 7.5; Files larger than ~7.5MB
Date: Mon, 14 Jan 2013 09:49:38 +0100
On 11-01-13 13:00, Chris Knight wrote:
> Hi Oscar,
> So great news, your suggestion worked, I added the line;
> curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST);
> and this works. The CURLOPT_SSL_CIPHER_LIST suggestion didn't seem to do
> much in terms of this issue but its working now so just happy with that.
> Thanks so much Oscar
Excellent! But not too excellent on the side of IIS 7.5 IMHO. Our
experiences of requiring this feature was with a Java based service. It was
not able to work with the beast-attack mitigation implemented in OpenSSL at
the time. It seems this IIS version has the same issue.
It might be worth the cause to check if you might be vulnerable to this form
of attack. You can probably Google about the details.
- application/pkcs7-signature attachment: S/MIME Cryptographic Signature