The zcrypto/tls library doesn't have the 1/n-1 record splitting used to mitigate the BEAST vulnerability on TLS 1.0 with a CBC cipher suite. That was done intentionally to allow others to research the NTLM protocol #382.
Unfortunately, this is turning up as I port the howsmyssl tests to use zcrypto/tls as its client where the BEAST vulnerability detector in howsmyssl is flagging it.
Would there be any consideration to put that vulnerability mitigation back on, perhaps under an option? Happy to write a patch.
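As an added illustration (not part of the original issue and not zcrypto/tls code), this Go sketch shows the 1/n-1 split decision placed behind an option. The `DisableRecordSplitting` field, `fragmentSizes` and `looksSplit` are hypothetical names chosen for the example, and the length check is a simplified assumption about what a detector would look at.

```go
package main

import "fmt"

// TLS wire versions and the maximum record plaintext length.
const (
	versionTLS10 = 0x0301
	versionTLS12 = 0x0303
	maxPlaintext = 16384
)

// splitConfig is hypothetical; it is not the zcrypto/tls Config type.
type splitConfig struct {
	DisableRecordSplitting bool // opt out of 1/n-1 splitting (research use)
}

// fragmentSizes returns the plaintext length of each application-data record
// produced by one write of n bytes. For TLS 1.0 with a CBC suite the first
// record carries one byte, so the IV used for the remaining n-1 bytes is not
// known at the time the plaintext is chosen.
func fragmentSizes(cfg splitConfig, version uint16, cbc bool, n int) []int {
	var sizes []int
	if n > 1 && version == versionTLS10 && cbc && !cfg.DisableRecordSplitting {
		sizes = append(sizes, 1)
		n--
	}
	for n > 0 {
		m := n
		if m > maxPlaintext {
			m = maxPlaintext
		}
		sizes = append(sizes, m)
		n -= m
	}
	return sizes
}

// looksSplit reports whether observed record lengths show the mitigation:
// a 1-byte first record followed by at least one more record.
func looksSplit(sizes []int) bool {
	return len(sizes) >= 2 && sizes[0] == 1
}

func main() {
	for _, off := range []bool{false, true} {
		s := fragmentSizes(splitConfig{DisableRecordSplitting: off}, versionTLS10, true, 100)
		fmt.Println(off, s, looksSplit(s))
	}
}
```

With the option left at its zero value the mitigation is on by default, which keeps the safe behaviour for ordinary clients while still allowing it to be switched off explicitly.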