Ibrowse and ssl problems-news

[mechy]

Found this news.. it may be of interest if you use ibrowse and have the annoying ssl problem:

19 Feb 2016 IBrowse 2.4, AmiSSL 3.6 and the POODLE attack I'm sure you are all well aware that many secure websites are normally  not reachable with IBrowse 2.4 any longer, due to servers shutting off  SSLv2 and SSLv3 connections due to the POODLE attack.  However, there is  a solution...
 This is delayed advice, as I have only just  realised it was possible: contrary to the previous news item, you should  enable both "SSLv2 support" and "SSLv3 support" on the "Security" page  of the IBrowse preferences. You must then also enter the following  command in a shell:


 setenv save AmiSSL/SSL_CLIENT_VERSION tls1


This  will force any most applications that use AmiSSL, including IBrowse, to  disable both SSLv2 and SSLv3, and use more secure TLSv1 connections  instead.
This issue will be properly addressed in IBrowse 2.5 and a new version of AmiSSL.

[mechy]

Good sir!  I say!  You can't just post something like this and not give more details!  :lol:

That is all there is on the IB news page.. it was passed to me so i passed it here wish there were more details. Far as i know the guy who did amissl 3.6 is not updating it, as there are some problems he said. When you read this though it makes me think someone else is working on it.

http://www.ibrowse-dev.net/news.php

[mechy]

I can't take the credit regarding AmiSSL - most of the work has been done by Jens Maus, and several others have been involved. It's true that development did stall, but to cut a long story short I stepped in recently to help fix everything as the code was broken and simply didn't work. Now it is working again, the AmiSSL team have regained their motivation, as you can see from GitHub .

AmiSSL is not dependent on IBrowse and can be released at any time. However, IBrowse is if course dependent on AmiSSL - it would be foolish to release IBrowse 2.5 until the SSL issues were fixed and that means a new AmiSSL.

I didn't realise until yesterday, while reworking the SSL code in IBrowse, that IBrowse 2.4 and AmiSSL 3.6 could already handle TLSv1 connections - IBrowse 2.4 explicitly disables it for a reason I am unsure of. Wish I'd figured that out earlier as I could have published the "fix" as soon as POODLE hit and sites began to shut off SSLv3, but better late than never!

Thanks for letting us know, i look forward to a new release of Amissl! Its getting harder to get around the net in ibrowse on my 4k

[mechy]

Wait! Does this mean we'll actually see v2.5 sometime this century?
Do tell! Have the various permissions issues been sorted out?

Ohh now you jinxed it by implying hope :roflmao:

Who knows when or what we will see,but i wouldnt mind a update after all this time.