IBrowse Home        News        Store        History Log
Download        Add-ons        Search Engines
FAQ        Mailing Lists        Documentation
Development Radar: 613 issues open (30 assigned) and 1023 blown away
Did you know... you can drag any fastlink to the browser tab you want to load it in?
News
22 Feb 2014AmiSSL 3.6/3.7 and IBrowse 2.4 HTTPS vulnerabilities

Harry Sintonen has released an advisory document detailing some flaws and vulnerabilities in AmiSSL 3.6 and 3.7, used by IBrowse to support secure connections, and IBrowse 2.4's HTTPS implementation.

We advise that you should disable "SSLv2 support" on the "Security" page of the IBrowse preferences. And also in that section, on the "Ciphers" page, ensure that DES, 3DES (Encryption), MD5 (MAC) and Export (Cipher grade) are all disabled. These are enabled by default in IBrowse 2.4.

Additionally, you may wish to enter the following command in a shell: "setenv save AmiSSL/SSL_CLIENT_VERSION ssl3" - this will disable SSL 2.0 globally in AmiSSL itself so will get applied to all other applications using AmiSSL (not just IBrowse).

The IBrowse Development Team thank Harry for bringing these issues to our attention, and we will make any required fixes and HTTPS improvements for IBrowse 2.5. Hopefully, a new version of the now open-source AmiSSL will be released at some point, updated to use the very latest version of OpenSSL.


show all news...
IBrowse is © 2001-2017 Stefan Burstrom, © 1995-2001 Omnipresence Intl. All rights reserved.
[counter]