If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.
Phoronix, Linux Hardware Reviews, Linux hardware benchmarks, Linux server benchmarks, Linux benchmarking, Desktop Linux, Linux performance, Open Source graphics, Linux How To, Ubuntu benchmarks, Ubuntu hardware, Phoronix Test Suite
What is the problem? Shouldn't be all SSL2/3 connections been disabled for years now?
SSL3 should be disabled because it's just plain busted, but SSL2 is still in common use in the wild for system-to-system communication, and probably in plenty of browser connections as well.
What is the problem? Shouldn't be all SSL2/3 connections been disabled for years now?
You should read the paper or the website. It's a somewhat complex cross-protocol attack, and they demonstrate . Importantly, it applies whenever the private key material is shared, not just when the same certificate is used. Mentioned in the paper, but unfortunately not by Michael's summary, is that it affects 22% of all webservers. See the paper for details.
SSL3 should be disabled because it's just plain busted, but SSL2 is still in common use in the wild for system-to-system communication, and probably in plenty of browser connections as well.
No SSLv3 was broken recently and still in use in old hardware. SSLv2 was broken some 15-20 years ago, and has been deprecated and unused for just as long.
Comment