From: Hiroshi Nakamura <nahi@...>
Date: 2011-09-23T09:29:29+09:00
Subject: [ruby-core:39678] Re: [Ruby 1.9 - Bug #5353][Open] TLS v1.0 and less - Attack on CBC mode

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

(2011/09/23 9:25), Hiroshi Nakamura wrote:
> For existing TLS/SSL + CBC IV vuln issue, I rarely set 
> SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS since clients I write don't
> allow

Must be "I rarely unset", I meant "I always use SSL_OP_ALL". Using
'NOT' in flag is harmful :)

And additional note: I'm not a cryptographer!

// NaHi
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (Cygwin)

iQEcBAEBAgAGBQJOe9K0AAoJEC7N6P3yLbI2ZNsH/0wYReyiGO/noIxXMvzP5L6u
OI4gRhX3pdJMYnXf5xCfSSVvddVqKh9WfuwuT5OYa6wuxsoJNkR3fygBAsUmyCqo
+6B1ChN6o/InpYcoLUky6yig8tzMRwrJFi+Q2IYwbngBWQhTYHl2OVC702/nwz57
CL+cn1kmZOXwSxc2D8phEOl5O3yvrhTjHoLCuLU22XAH52Lzdu99cjXvqYO6m8XK
mY/JX9E9quKc5lQcLwiCXTpbzZmC8Psw7l07ewW7cyQ7me0A3iMh+lIlwBHhvcL+
PieWB8kbFYCNIFYwf76X8cW07YySdWlsCqD+jQfzLbpfHpbxfWfuwXO4nC56ZSM=
=mgoe
-----END PGP SIGNATURE-----