Closed Bug 1167413 Opened 10 years ago Closed 9 years ago

Enable BEAST mitigation in Zeus?

Tracking

(Not tracked)

Status:

RESOLVED WONTFIX

People

(Reporter: Atoll, Unassigned)

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1266] )

:Atoll

Reporter

Description

•

10 years ago

Zeus 9.1 added a new option to mitigate BEAST attacks by adding a one-byte fragment: * Add countermeasure for BEAST attacks in Stingray's SSL implementation by sending a one byte fragment when using Cipher-Block Chaining (CVE-2011-3389). Must be enabled using the "ssl!insert_extra_fragment" global setting. SR21673 We should consider enabling this globally. I tried doing so on Zeus 10 in testing; it had no effect whatsoever on the SSLLabs report.

Flags: sec-review?

:kanban

Updated

•

10 years ago

Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1266]

:Atoll

Reporter

Comment 1

•

9 years ago

No reply, closing for now.

Status: NEW → RESOLVED

Closed: 9 years ago

Resolution: --- → WONTFIX

:Atoll

Reporter

Updated

•

9 years ago

Flags: sec-review?

BMO Automation

Updated

•

6 years ago

Product: Infrastructure & Operations → Infrastructure & Operations Graveyard

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Enable BEAST mitigation in Zeus?

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

Tracking

(Not tracked)

People

(Reporter: Atoll, Unassigned)

References

Details

(Whiteboard: [kanban:https://webops.kanbanize.com/ctrl_board/2/1266] )

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated

Updated