Ticket #1181 (closed general: fixed)
Fedora still vulnerable to BEAST
|Reported by:||sparks||Owned by:|
|Cc:||emaldona, kaia, simo||Blocked By:|
It was recently reported that NSS was not protecting users against BEAST attacks (the fix was backed out). This is affecting every user of Fedora using SSL and TLSv1.0 in any connection that uses NSS.
The reason provided in the ticket was that it broke some programs (pidgin-sipe was the one example provided) when the fix was inserted.
It is recommended that the fix be reapplied to NSS in all versions of Fedora and that any program that breaks be patched to roll back the fix as per the instructions provided in the ticket.