dslreports logo
    All Forums Hot Topics Gallery


how-to block ads

Search Topic:
share rss forum feed

reply to Name Game

Re: Google disables SSL compression in Chrome against new attack

said by Name Game:

SSL2 should be disabled.
TLS 1.1 and TLS 1.2 should be enabled and are preferred, though TLS 1.2 was not yet supported on many servers

But for Opera this was the problem even in Jan 2012


Quite a good link. However it is interesting in this quote:

The RFC also says that servers MUST accept that clients send extensions (and ignore the ones it cannot handle), and MUST accept that clients may signal a higher version than they support. Unfortunately, what the RFCs say, and what got implemented in the server can be two very different things. There is a reason why RFC 5746 (The Renego patch) includes a reminder about what the RFCs say on those two points.
Well, what can you say. It is all too similar to a lot of Internet browsing.

You have to allow for it to be a reply to a request. What we need to do is create an environment whereby that initial handshake doesn't allow all, doesn't allow by default, looks for certain strings....guess to some extent that may happen already and you to become pwoned....

So to start with not allowing anything but still recognize the link it needs....love to be able to have that signed in my name.
The only thing necessary for the triumph of evil is for good men to do nothing - Edmund Burke