search for: ssl_op_msie_sslv2_rsa_padding

...r version of the protocol (SSLv3) to end up using the older version of the protocol (SSLv2). II. Problem Description In order to provide bug-for-bug compatibility with Microsoft Internet Explorer 3.02, a verification step required by the Secure Sockets Layer protocol can be disabled by using the SSL_OP_MSIE_SSLV2_RSA_PADDING option in OpenSSL. This option is implied by the frequently-used SSL_OP_ALL option. III. Impact If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is enabled in a server application using OpenSSL, an attacker who is able to intercept and tamper with packets transmitted between a client and the server c...

...r version of the protocol (SSLv3) to end up using the older version of the protocol (SSLv2). II. Problem Description In order to provide bug-for-bug compatibility with Microsoft Internet Explorer 3.02, a verification step required by the Secure Sockets Layer protocol can be disabled by using the SSL_OP_MSIE_SSLV2_RSA_PADDING option in OpenSSL. This option is implied by the frequently-used SSL_OP_ALL option. III. Impact If the SSL_OP_MSIE_SSLV2_RSA_PADDING option is enabled in a server application using OpenSSL, an attacker who is able to intercept and tamper with packets transmitted between a client and the server c...