IBrowse Home   News   Store   Download   Known Issues   Add-ons   Search Engines   FAQ   Mailing Lists   Documentation
Development Radar: 612 issues open (30 assigned) and 1025 blown away
Did you know... you can drag a browser tab out of the window to open a new window?
News
22 Feb 2014>AmiSSL 3.6/3.7 and IBrowse 2.4 HTTPS vulnerabilities

Harry Sintonen has released an advisory document detailing some flaws and vulnerabilities in AmiSSL 3.6 and 3.7, used by IBrowse to support secure connections, and IBrowse 2.4's HTTPS implementation.

We advise that you should disable "SSLv2 support" on the "Security" page of the IBrowse preferences. And also in that section, on the "Ciphers" page, ensure that DES, 3DES (Encryption), MD5 (MAC) and Export (Cipher grade) are all disabled. These are enabled by default in IBrowse 2.4.

Additionally, you may wish to enter the following command in a shell: "setenv save AmiSSL/SSL_CLIENT_VERSION ssl3" - this will disable SSL 2.0 globally in AmiSSL itself so will get applied to all other applications using AmiSSL (not just IBrowse).

The IBrowse Development Team thank Harry for bringing these issues to our attention, and we will make any required fixes and HTTPS improvements for IBrowse 2.5. Hopefully, a new version of the now open-source AmiSSL will be released at some point, updated to use the very latest version of OpenSSL.


show all news...
IBrowse is © 2001-2019 Stefan Burstrom, © 1995-2001 Omnipresence Intl. All rights reserved.
[counter]