[libmicrohttpd] SSL handshake fails between libcurl and libgnutls/MHD
Nikos Mavrogiannopoulos
nmav at gnutls.org
Tue Jan 24 00:23:26 CET 2012
On 01/24/2012 12:06 AM, Daniel Stenberg wrote:
> On Tue, 24 Jan 2012, Nikos Mavrogiannopoulos wrote:
>
>> Note however that the combination of the cipher ARCFOUR with SSL 3.0
>> and TLS 1.0 is not vulnerable to these attacks. Thus a string to use
>> when SSL 3.0 is required could be
>> "NORMAL:-VERS-TLS-ALL:+VERS-SSL3.0:-CIPHER-ALL:+ARCFOUR-128".
> Is ARCFOUR more likely to work with old/buggy servers than the "hacks"
> you mentioned?
I can only speculate because I haven't really tested it. Given that this
is a string for legacy servers, and SSL 3.0 originally only supported
ARCFOUR and 3DES, you could have an issue with servers that only support
3DES. I've not seen such a server so far (although I've seen many
servers that only support ARCFOUR).
regards,
Nikos
More information about the Gnutls-devel
mailing list