Microsoft has released a security advisory relating to the SSL/TLS vulnerability previously discussed. Included in the advisory are a workaround and a tool that can implement a fix on Windows 7 and Windows Server 2008 R2 systems.
If you're using a version of Windows prior to version 7 or Server 2008 R2, your system doesn't even support TLS 1.1. Your only hope is that server admins fix the SSL/TLS problem on their web servers.
Interestingly enough, the RC4 cipher suite is unaffected. Only encryption based on CBC (cipher block chaining) is affected. RC4 is a streaming cipher, which is not affected.
If you're using a version of Windows prior to version 7 or Server 2008 R2, your system doesn't even support TLS 1.1. Your only hope is that server admins fix the SSL/TLS problem on their web servers.
Interestingly enough, the RC4 cipher suite is unaffected. Only encryption based on CBC (cipher block chaining) is affected. RC4 is a streaming cipher, which is not affected.
[...] been doing quite a bit of research into the BEAST (Browser Exploit Against SSL/TLS) vulnerability that security researchers Juliano [...]
ReplyDelete