cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Webdav over SSL; IIS 7.5; Files larger than ~7.5MB

From: Oscar Koeroo <okoeroo_at_nikhef.nl>
Date: Mon, 14 Jan 2013 09:49:38 +0100

On 11-01-13 13:00, Chris Knight wrote:
> Hi Oscar,
>
> So great news, your suggestion worked, I added the line;
>
> curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST);
>
> and this works. The CURLOPT_SSL_CIPHER_LIST suggestion didn't seem to do
> much in terms of this issue but its working now so just happy with that.
>
> Thanks so much Oscar
>
> Chris

Hi Chris,

Excellent! But not too excellent on the side of IIS 7.5 IMHO. Our
experiences of requiring this feature was with a Java based service. It was
not able to work with the beast-attack mitigation implemented in OpenSSL at
the time. It seems this IIS version has the same issue.

It might be worth the cause to check if you might be vulnerable to this form
of attack. You can probably Google about the details.

Oscar

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

application/pkcs7-signature attachment: S/MIME Cryptographic Signature

Received on 2013-01-14

This message: [ Message body ]
Next message: Yehezkel Horowitz: "RE: Find wrong certificate domain"
Previous message: Daniel Stenberg: "Re: [bagder/curl] 16abdd: configure: fix automake 1.13 compatibility"
In reply to: Chris Knight: "Re: Webdav over SSL; IIS 7.5; Files larger than ~7.5MB"
Next in thread: Chris Knight: "Re: Webdav over SSL; IIS 7.5; Files larger than ~7.5MB"
Reply: Chris Knight: "Re: Webdav over SSL; IIS 7.5; Files larger than ~7.5MB"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]