Skip to content
September 24, 2011 / BrianOFlan

Security Shivers

What to do about the BEAST?  (What beast?)

Apache can serve TLS 1.2 with mod_gnutls (rather than OpenSSL’s mod_ssl) and Opera 10 is supposed to handle it.  (Opera’s viability was questioned empirically on Slashdot yesterday[1].)

Get this: The only other browser boasting TLS 1.2 capability? Microsoft Internet Explorer 9 (and IE8 if you adjust its default config).  Internet Explorer!?
Plus, Microsoft Server 2008 and IIS7+ claimed TLS 1.2 capability back in 2009.

Who knew we could rely on Microsoft to be the big sturdy when all other secure web traffic crumbled?
Well, Google’s got a workaround for Chrome that sticks with TLS 1.0. And who doesn’t trust Google?

[1]  TLS 1.2 boasts called into question by experiment: http://it.slashdot.org/comments.pl?sid=2439924&cid=37477890

Further sources:

The whole thing is a shame.  No one wanted to find out the internet security technology we all take for granted may be illusory.
Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: