On May 25, 2:24 pm, Wan-Teh Chang wrote:
> On Tue, May 25, 2010 at 11:06 AM, Marsh Ray wrote:
> > But by that logic, the client should refuse to handshake at all with a
> > non-RFC-5746 server. (In reality that eventually needs to become the
> > default behavior).
>
> I agree. A strict client sh
On Tue, May 25, 2010 at 11:06 AM, Marsh Ray wrote:
>
> But by that logic, the client should refuse to handshake at all with a
> non-RFC-5746 server. (In reality that eventually needs to become the
> default behavior).
I agree. A strict client should refuse an initial handshake with a
legacy serv
Arguing with myself a bit here.
On 5/25/2010 12:06 PM, Marsh Ray wrote:
> On 5/20/2010 7:20 PM, Matt McCutchen wrote:
>> When
>> "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref"
>> is off, Firefox will refuse to perform a server-initiated
>> renegotiation with a non-
On 5/20/2010 7:20 PM, Matt McCutchen wrote:
> When
> "security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref"
> is off, Firefox will refuse to perform a server-initiated
> renegotiation with a non-RFC-5746 server. What is the purpose of this
> behavior? It doesn't mitigate
When
"security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref"
is off, Firefox will refuse to perform a server-initiated
renegotiation with a non-RFC-5746 server. What is the purpose of this
behavior? It doesn't mitigate the vulnerability because in the attack
scenario, the
5 matches
Mail list logo
