February 2012 Archives

Security Fix for Ruby OpenSSL module: Allow "0/n splitting" as a prevention for the TLS BEAST attack.

In OpenSSL, SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option for SSL connection is used to prevent TLS-CBC-IV vulnerability described at [1]. It's known issue of TLSv1/SSLv3 but it attracts lots of attention these days as BEAST attack [2] (CVE-2011-3389). Ruby related topics are at our issue tracker [3].

Continue Reading...

Ruby 1.9.3-p125 is released

Ruby 1.9.3-p125 is released.

Continue Reading...

<< Back to 2012 Archives