Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 4 Mar 2014 16:05:48 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE Request?: konqueror - https uses all
 ciphers, even weak ones

On Tue, 4 Mar 2014 11:12:57 +0000
John Haxby <john.haxby@...cle.com> wrote:

> I suspect that this problem is fairly wide-ranging.   Apple’s Safari
> also permits the link.   Google Chrome doesn’t permit the link
> though, it just crashes :)

I added this to the chromium bug tracker:
https://code.google.com/p/chromium/issues/detail?id=348987

There's however something interesting: I couldn't reproduce the crash
setup. I created my own test server with a 16 bit exchange and it
doesn't crash. I haven't found out yet what the difference is that's
causing this.
https://dh16.dosdriver.de

-- 
Hanno Böck
http://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Download attachment "signature.asc" of type "application/pgp-signature" (837 bytes)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.