[libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jan 24 00:23:26 CET 2012


On 01/24/2012 12:06 AM, Daniel Stenberg wrote:

> On Tue, 24 Jan 2012, Nikos Mavrogiannopoulos wrote:
> 
>> Note however that the combination of the cipher ARCFOUR with SSL 3.0
>> and TLS 1.0 is not vulnerable to these attacks. Thus a string to use
>> when SSL 3.0 is required could be
>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128".
> Is ARCFOUR more likely to work with old/buggy servers than the "hacks"
> you mentioned?

I can only speculate because I haven't really tested it. Given that this
is a string for legacy servers, and SSL 3.0 originally only supported
ARCFOUR and 3DES, you could have an issue with servers that only support
3DES. I've not seen such a server so far (although I've seen many
servers that only support ARCFOUR).

regards,
Nikos



