sfs8 pt1

[Chris Edwards]

On Mon, 6 Oct 2008, Ian Miller wrote:

| The technique is to produce a forged packet with a modified list of offered
| cypher options.  Provided the packet is the same length as the genuine one

Interesting - I thought that sort of thing had been fixed around 1996 with 
SSLv3 / TLS 1.0.


| One approach to the inadequacy of browsers set-up is to implement this
| attack yourself to force the connection into the secure mode of your
| choice.

So a box at the border of an enterprise network could do this...