AnsweredAssumed Answered

Apple finally releases patch for BEAST

Question asked by BoerenkoolMetWorst on Feb 26, 2014
Latest reply on Feb 26, 2014 by Ivan Ristić

Apple has implemented 1/n-1 migitation enabled by default in Safari in the latest OS X 10.9.2 update, so TLS below v1.1 is now also protected.

If RC4 is used but not with TLS 1.1 and newer, SSL server test does not give a warning/yellow text. Perhaps this can be changed now all major browsers support 1/n-1 record splitting in order to speed up the deprecation of RC4.

 

EDIT: Would it be possible to update the SSL Client test to check for /n-1 record splitting, so we can check less popular and mobile clients?

Outcomes