SSL Labs has a test for the just-announced POODLE attack against some TLS implementations https://community.qualys.com/blogs/securitylabs/2014/12/08/poodle-bites-tls …
@ivanristic Seeing some endpoints doing that, would apply to this bug too; though it's just plain silly not to enforce the TLS padding
-
-
@colmmacc What endpoints do that? Isn’t that a huge performance penalty? -
@ivanristic I have a small number of endpoints doing it, for customers stuck with SSLv3-only clients. HMAC is pretty cheap compared to AES.
End of conversation
New conversation -
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.