Hi! To our users concerned about the following security advisory: http://www.securelist.com/en/advisories/50605 (as of 26 March 2018 at 9:28am MDT, this link no longer works and has no alternative), it is a vulnerability related specifically to SSL 3.0 and TLS 1.0. When using CyaSSL, you can avoid this vulnerability using one of several methods, including:
-
1. Using a higher level of the SSL/TLS protocol – either TLS 1.1 or TLS 1.2
-
2. Using TLS 1.0 or SSL 3.0 with a stream cipher. CyaSSL supports several, including RC4, HC-128, and RABBIT.
3. If you must use SSL 3.0 or TLS 1.0 with a block cipher, split the first SSL write at the application level into fragments (as modern browsers do).
If you have further concerns or questions, please contact us at info@yassl.com.