Register Log In

Forums Bug Reports mIRC vulnerability regarding TLS 1.0 BEAST attack

Print Thread

Re: mIRC vulnerability regarding TLS 1.0 BEAST attack #233940 25/09/11 05:45 PM
Joined: Dec 2002 Posts: 294 D drum Pan-dimensional mouse
drum Pan-dimensional mouse D Joined: Dec 2002 Posts: 294	mIRC uses OpenSSL, which supports the "empty fragment" feature (first introduced in 0.9.6d which was released way back in 2002). It is possible to disable this feature however, so we'd have to hear from Khaled whether this feature is left enabled or not. You can read a little about this feature here: http://www.openssl.org/~bodo/tls-cbc.txt (item number 2) In short, if the "empty fragment" feature is enabled (which it is by default), then SSL connections created by mIRC would NOT be vulnerable to the BEAST attack.

Entire Thread
Subject	Posted By	Posted
mIRC vulnerability regarding TLS 1.0 BEAST attack	Anonymous	25/09/11 10:23 AM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	Riamus2	25/09/11 03:08 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	Anonymous	25/09/11 05:24 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	sparta	25/09/11 05:44 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	drum	25/09/11 05:45 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	argv0	25/09/11 06:36 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	Anonymous	25/09/11 06:56 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	argv0	25/09/11 07:29 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	Anonymous	25/09/11 07:36 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	Sat	25/09/11 08:11 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	Khaled	26/09/11 12:50 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	Anonymous	26/09/11 01:21 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	Khaled	28/09/11 02:51 PM
Re: mIRC vulnerability regarding TLS 1.0 BEAST attack	starbucks_mafia	26/09/11 02:34 PM

Link Copied to Clipboard