General TC > General TC Talk

[SOLVED] 64 bit web browser tests for poodle attack

(1/2) > >>

gordon64:
Hi I am not a security expert, but I went to this URL to check
https://zmap.io/sslv3

64 bit web browsers I found safe, claiming that

--- Quote ---Good News! Your browser does not support SSLv3
--- End quote ---

epiphany
firefox-latest's local TCZ called firefox-official
opera-12


64 bit found not so safe claiming that

--- Quote ---Warning! Your browser supports SSLv3
--- End quote ---
fifth

Browsers not tested or unable to see the result etc
firefox-nightly ....too old. IMHO no-one should be on it.
links and elinks.....both display the web site but give no indication, probably because they are text browsers.

I have yet to find a way to start fifth with a command that disables sslv3 but if anyone knows pls advise.

thanks for reading

EDIT
I made a .local/bin file with contents

--- Quote ---#!/bin/sh
tce-load -i fifth
fifth --ssl-version-min=tls1
--- End quote ---

but attempting to use it gives error as

--- Quote ---fifth: unrecognized option '--ssl-version-min=tls1'
--- End quote ---

curaga:
Fifth has no config options for SSL, it uses the defaults of openssl. Ideally we'd compile openssl without ssl3, so no app would use it.

gordon64:
curaga

I hope I don't embarrass you, but it turns out that you are the upstream maintainer of fifth.

Congratulations on your software and skills and thankyou for the tips.

Naturally I will look at re-compiling on 64 bit, Juanito's build script calls for curl-dev which has a dependency of openssl* and the running dependency has curl with a dependency of openssl*.
I shall see if modding those dep files and see if I can re-compile without openssl* support. Plus will try without curl support as well.

thanks again for your time.


--- Quote ---Ideally we'd compile openssl without ssl3
--- End quote ---

I have failed to compile new certificates, slightly off topic, new certificates works with existing openssl but when I attempted to use them for new openssl....not knowing about sslv3, at time of build, the new certificates failed.

curaga:
No, you can't compile Fifth without openssl. I mean we should compile openssl.tcz with sslv3 disabled. Some other distros are doing so.

gordon64:
Thanks

on 64 bit just re-compiled openssl with extra compile option "no-ssl3"
recompiled fifth, with slight dep modification and fifth now passes the sslv3 test, tested locally.

OFFTOPIC
but my attempt to add new certificates and test a re-compiled elinks, built with new openssl, I called it elinks2 is not showing a display page for a https URL, so I have failed to get it all corrrect.

Juanito is aware of some of my failures. I fail more than I succeed.  :-[

cheers

Navigation

[0] Message Index

[#] Next page

Go to full version