General TC > General TC Talk
[SOLVED] 64 bit web browser tests for poodle attack
gordon64:
Hi I am not a security expert, but I went to this URL to check
https://zmap.io/sslv3
64 bit web browsers I found safe, claiming that
--- Quote ---Good News! Your browser does not support SSLv3
--- End quote ---
epiphany
firefox-latest's local TCZ called firefox-official
opera-12
64 bit found not so safe claiming that
--- Quote ---Warning! Your browser supports SSLv3
--- End quote ---
fifth
Browsers not tested or unable to see the result etc
firefox-nightly ....too old. IMHO no-one should be on it.
links and elinks.....both display the web site but give no indication, probably because they are text browsers.
I have yet to find a way to start fifth with a command that disables sslv3 but if anyone knows pls advise.
thanks for reading
EDIT
I made a .local/bin file with contents
--- Quote ---#!/bin/sh
tce-load -i fifth
fifth --ssl-version-min=tls1
--- End quote ---
but attempting to use it gives error as
--- Quote ---fifth: unrecognized option '--ssl-version-min=tls1'
--- End quote ---
curaga:
Fifth has no config options for SSL, it uses the defaults of openssl. Ideally we'd compile openssl without ssl3, so no app would use it.
gordon64:
curaga
I hope I don't embarrass you, but it turns out that you are the upstream maintainer of fifth.
Congratulations on your software and skills and thankyou for the tips.
Naturally I will look at re-compiling on 64 bit, Juanito's build script calls for curl-dev which has a dependency of openssl* and the running dependency has curl with a dependency of openssl*.
I shall see if modding those dep files and see if I can re-compile without openssl* support. Plus will try without curl support as well.
thanks again for your time.
--- Quote ---Ideally we'd compile openssl without ssl3
--- End quote ---
I have failed to compile new certificates, slightly off topic, new certificates works with existing openssl but when I attempted to use them for new openssl....not knowing about sslv3, at time of build, the new certificates failed.
curaga:
No, you can't compile Fifth without openssl. I mean we should compile openssl.tcz with sslv3 disabled. Some other distros are doing so.
gordon64:
Thanks
on 64 bit just re-compiled openssl with extra compile option "no-ssl3"
recompiled fifth, with slight dep modification and fifth now passes the sslv3 test, tested locally.
OFFTOPIC
but my attempt to add new certificates and test a re-compiled elinks, built with new openssl, I called it elinks2 is not showing a display page for a https URL, so I have failed to get it all corrrect.
Juanito is aware of some of my failures. I fail more than I succeed. :-[
cheers
Navigation
[0] Message Index
[#] Next page
Go to full version