Thats funny, mine fails to connect with "potentially vunerable handshake" supplied by the server. Using TLS1.1 or 1.2 protocol here.
BTW... I disabled/removed ssl V.C. 0.2 and editted about config to a 3 fallback 2 config. TLS1.0 not allowed. I did this because one could select ssl3.0 in the dropdown box in the preferences of the add-on. Very naughty.
BASH exposure expressed as bigger than Heartbleed<SOLUTIONS>
Thanx for the link, perdido. There is only one result marked as 'improvable' with Opera 12.16. It doesn't look like THE essential option to me. AFAIK SSL3 is disabled by default in said browser.
Session Ticket Support - Improvable
Session tickets are not supported in your client. Without them, services will have a harder time making your client's connections fast. Generally, clients with ephemeral key support get this for free.
-
perdido
- Posts: 1528
- Joined: Mon 09 Dec 2013, 16:29
- Location: ¿Altair IV , Just north of Eeyore Junction.?
Mentioned on the SSL Version control download page is that FF34, FF33 reset to TLS1.0 on restart.rolf wrote:It tells mewhile SSL Version Control 0.2 is set to TLS 1.2Bad Your client is using TLS 1.0
https://addons.mozilla.org/en-US/firefo ... l/reviews/
.
I can set the Version Control preference in the dropdown to anything, restart Seamonkey, and the page at https://www.howsmyssl.com/ always tells me I'm running, TLS 1.0perdido wrote: Mentioned on the SSL Version control download page is that FF34, FF33 reset to TLS1.0 on restart.
https://addons.mozilla.org/en-US/firefo ... l/reviews/
.
I had security.tls.version.min;3 set in about:config. I can change that to anything from security.tls.version.min;1 to security.tls.version.min;4 and it makes no difference when Seamonkey is restarted.
Seamonkey 2.18 Linux x86_64
Thanks.
-
Puppus Dogfellow
- Posts: 1667
- Joined: Tue 08 Jan 2013, 01:39
- Location: nyc
works in precise 5.5; no apparent frisbee problems.Geoffrey wrote:Edit: updated to bash-4.3.30-1The latest patch 28 seems to have fixed it, I'm pretty sure that rg66 used the same sources as I did and compiled withmavrothal wrote:Do we know anything more about rg66's version? ie source and configure options?I compiled usingCode: Select all
./configure --prefix=/ --with-cursesCode: Select all
./configure --with-curses --bindir=/bin --datarootdir=/usr/sharebash-4.3.30-1.petCode: Select all
bash --version GNU bash, version 4.3.28(1)-release (i686-pc-linux-gnu) Copyright (C) 2013 Free Software Foundation, Inc. License GPLv3+: GNU GPL version 3 or later <http://gnu.org/licenses/gpl.html> This is free software; you are free to change and redistribute it. There is NO WARRANTY, to the extent permitted by law. # # curl --insecure https://shellshocker.net/shellshock_test.sh | bash % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 2009 100 2009 0 0 1398 0 0:00:01 0:00:01 --:--:-- 1520 CVE-2014-6271 (original shellshock): not vulnerable bash: shellshocker: command not found CVE-2014-6278 (Florian's patch): not vulnerable CVE-2014-7169 (taviso bug): not vulnerable CVE-2014-//// (exploit 3 on http://shellshocker.net/): not vulnerable CVE-2014-7186 (redir_stack bug): not vulnerable CVE-2014-7187 (nested loops off by one): not vulnerable
bash_DOC-4.3.30-1.pet
bash_NLS-4.3.30-1.pet
thanks!