Skip to content
September 24, 2011 / BrianOFlan

Security Shivers

What to do about the BEAST?  (What beast?)

Apache can serve TLS 1.2 with mod_gnutls (rather than OpenSSL’s mod_ssl) and Opera 10 is supposed to handle it.  (Opera’s viability was questioned empirically on Slashdot yesterday[1].)

Get this: The only other browser boasting TLS 1.2 capability? Microsoft Internet Explorer 9 (and IE8 if you adjust its default config).  Internet Explorer!?
Plus, Microsoft Server 2008 and IIS7+ claimed TLS 1.2 capability back in 2009.

Who knew we could rely on Microsoft to be the big sturdy when all other secure web traffic crumbled?
Well, Google’s got a workaround for Chrome that sticks with TLS 1.0. And who doesn’t trust Google?

[1]  TLS 1.2 boasts called into question by experiment:

Further sources:

The whole thing is a shame.  No one wanted to find out the internet security technology we all take for granted may be illusory.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

%d bloggers like this: