Re: Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

2012-09-19 Thread Pid *
any legally binding effect. Since emails > can easily be subject to manipulation, we cannot accept > any responsibility for the content provided. > > >> Date: Fri, 14 Sep 2012 22:12:30 -0500 >> Subject: Is there a REAL s

Re: Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

2012-09-15 Thread Christopher Schultz
Brian, On 9/15/12 2:59 PM, Brian Braun wrote: > Where can I get the list of all available ciphers for Sun JVM 6 > update 35? Using Java 6u35, run this code (apologies for any poor word wrapping). Enjoy, -chris import java.util.ArrayList; import j

Re: Is there a REAL solution to the

2012-09-15 Thread Brian Braun
h, but I thought OpenSSL had a patch for this that worked. > Read...#2635: 1/n-1 record splitting technique for CVE-2011-3389 > > > -Original Message- > >From: Brian Braun > >Sent: Sep 14, 2012 11:12 PM > >To: Tomcat Users List > >Subject: Is there a R

Re: Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

2012-09-15 Thread Brian Braun
Well, I'm using JVM1.6 Update 35 (the latest). I want the best encryption I can get, while at the same time I want it to be near to 100% compatible with all my possible internet visitors' browsers, and also I want to pass the PCI test that www.secritymetrics.com performs. I have humble requirements

Re: Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

2012-09-15 Thread Mark Thomas
On 15/09/2012 19:59, Brian Braun wrote: > Hi Mark, > > I was really interested in your advice. I'm glad you answered, thanks! > I'm trying not to disable TLS1.0 because I did a site that is being used > by unknown people over the internet, and I don't know how many of them are > using a browser th

Re: Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

2012-09-15 Thread Brian Braun
Besides removing the last one, which ones should I add? On Sat, Sep 15, 2012 at 2:57 AM, Mark Thomas wrote: > Brian Braun wrote: > > >Hi, > > > >Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for > >Tomcat > >7.x? > >For more i

Re: Is there a REAL solution to the

2012-09-15 Thread Edward Bicker
Yeah, but I thought OpenSSL had a patch for this that worked. Read...#2635: 1/n-1 record splitting technique for CVE-2011-3389 -Original Message- >From: Brian Braun >Sent: Sep 14, 2012 11:12 PM >To: Tomcat Users List >Subject: Is there a REAL solution to the "BEAST

RE: Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

2012-09-15 Thread Martin Gainty
will not have any legally binding effect. Since emails can easily be subject to manipulation, we cannot accept any responsibility for the content provided. > Date: Fri, 14 Sep 2012 22:12:30 -0500 > Subject: Is there a REAL solu

Re: Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

2012-09-15 Thread Mark Thomas
Brian Braun wrote: >Hi, > >Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for >Tomcat >7.x? >For more info about this attack: >http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389 > >My thoughts and questions, as far as I have invest

Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x

2012-09-14 Thread Brian Braun
Hi, Is there a REAL solution to the "BEAST attack" (CVE-2011-3389) for Tomcat 7.x? For more info about this attack: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-3389 My thoughts and questions, as far as I have investigated this issue: - Disabling the TLS1.0 protocol wo