cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Webdav over SSL; IIS 7.5; Files larger than ~7.5MB

From: Chris Knight <cknight_at_dabmap.com>
Date: Mon, 14 Jan 2013 14:37:45 +0000

Thanks for the follow-up.

I think our implementation will not really suffer from this security issue
as we are mainly using ssl to protect the data from middle man sniffers as
the server is not going to be used for anything other than the client that
I am creating.

Personally I prefer avoiding Windows all together however unfortunately my
hands are tied as most people seem to be interested in using a microsoft
based server. I tried to compromise by suggesting apache for windows but
the system admin folks were more excited about IIS.

On 14 January 2013 08:49, Oscar Koeroo <okoeroo_at_nikhef.nl> wrote:

> On 11-01-13 13:00, Chris Knight wrote:
> > Hi Oscar,
> >
> > So great news, your suggestion worked, I added the line;
> >
> > curl_easy_setopt(curl, CURLOPT_SSL_OPTIONS, CURLSSLOPT_ALLOW_BEAST);
> >
> > and this works. The CURLOPT_SSL_CIPHER_LIST suggestion didn't seem to do
> > much in terms of this issue but its working now so just happy with that.
> >
> > Thanks so much Oscar
> >
> > Chris
>
>
> Hi Chris,
>
> Excellent! But not too excellent on the side of IIS 7.5 IMHO. Our
> experiences of requiring this feature was with a Java based service. It was
> not able to work with the beast-attack mitigation implemented in OpenSSL at
> the time. It seems this IIS version has the same issue.
>
> It might be worth the cause to check if you might be vulnerable to this
> form
> of attack. You can probably Google about the details.
>
>
> Oscar
>
>
> -------------------------------------------------------------------
> List admin: http://cool.haxx.se/list/listinfo/curl-library
> Etiquette: http://curl.haxx.se/mail/etiquette.html
>

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-01-14