Security Fix for Ruby OpenSSL module: Allow "0/n splitting" as a prevention for the TLS BEAST attack.

In OpenSSL, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option for SSL connection is used to prevent TLS-CBC-IV vulnerability described at [1]. It's known issue of TLSv1/SSLv3 but it attracts lots...

Continue Reading...

Posted by Urabe Shyouhei on 16 Feb 2012

Ruby 1.9.3-p125 is released

Ruby 1.9.3-p125 is released. This release include a security fixes of the Ruby OpenSSL extension. And many bugs are fixed in this release. == Fixes...

Continue Reading...

Posted by NARUSE, Yui on 16 Feb 2012

<< Back to 2012 Archives

Downloads | Documentation | Libraries | Community | News | Security | About Ruby