[Ach] POODLE on TLS < 1.2

Hanno Böck hanno at hboeck.de
Tue Dec 9 15:58:23 CET 2014

I wondered if this affects any clients and made a test:

(somewhat based on agl's go-messup-cbc-patch and a trivial http server)

If any one saw this:
The version i tweeted earlier today falsely reported safari as
vulnerable because safari connected with RC4 (yes!), this was a false
positive (while still probably undesired behaviour). Now it should work.

If anyone sees the poodle please notify me (will probably show up with
older firefox versions as this has been fixed in nss in 2010). But I'll
log it anyway if it detects something :-)

Hanno Böck

mail/jabber: hanno at hboeck.de
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.cert.at/pipermail/ach/attachments/20141209/d182407b/attachment.sig>

More information about the Ach mailing list