Home
News
Download
Documentation
Add-ons
Search Engines
Mailing Lists
FAQ
IBrowse
IBrowse 2.4 is currently unavailable for purchase.
Apologies for any inconvenience.
 
Development Radar
613 issues open (30 assigned) and 1023 blown away
view history log

Did you know... mailto: can be setup to send mail via your favourite mail program?
News

22 Feb 2014 AmiSSL 3.6/3.7 and IBrowse 2.4 HTTPS vulnerabilities

Harry Sintonen has released an advisory document detailing some flaws and vulnerabilities in AmiSSL 3.6 and 3.7, used by IBrowse to support secure connections, and IBrowse 2.4's HTTPS implementation.

We advise that you should disable "SSLv2 support" on the "Security" page of the IBrowse preferences. And also in that section, on the "Ciphers" page, ensure that DES, 3DES (Encryption), MD5 (MAC) and Export (Cipher grade) are all disabled. These are enabled by default in IBrowse 2.4.

Additionally, you may wish to enter the following command in a shell: "setenv save AmiSSL/SSL_CLIENT_VERSION ssl3" - this will disable SSL 2.0 globally in AmiSSL itself so will get applied to all other applications using AmiSSL (not just IBrowse).

The IBrowse Development Team thank Harry for bringing these issues to our attention, and we will make any required fixes and HTTPS improvements for IBrowse 2.5. Hopefully, a new version of the now open-source AmiSSL will be released at some point, updated to use the very latest version of OpenSSL.


show all news...

IBrowse is © 2001-2017 Stefan Burstrom, © 1995-2001 Omnipresence Intl. All rights reserved. [counter]