16 Feb '12, 11am

[ANN] #ruby 1.8.7 patchlevel 358 released, which adds a countermeasure for BEAST attacks

Security Fix for Ruby OpenSSL module: Allow "0/n splitting" as a prevention for the TLS BEAST attack. In OpenSSL, the SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS option for SSL connections is used to prevent the TLS-CBC-IV vulnerability described at [1]. It's a known issue of TLSv1/SSLv3, but it attracts lots of attention these days as the BEAST attack [2] (CVE-2011-3389). Ruby-related topics are at our issue tracker [3]. Until now the Ruby OpenSSL extension has used the SSL_OP_ALL option, OpenSSL's combined option for various bug workarounds that should be rather harmless, for all SSL connections by default. And it only allows users to add other options, so you could not remove a feature that is included in the SSL_OP_ALL option, like SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS. It was intentional, as it didn't expose constants like SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS, but we should allow unsetting the option so th...

Full article: http://www.ruby-lang.org/en/news/2012/02/16/security-fix-...

Tweets

Ruby 1.9.3-p125 and 1.8.7-p358 have been released

ruby-lang.org 16 Feb '12, 12pm

Security Fix for Ruby OpenSSL module: Allow "0/n splitting" as a prevention for the TLS BEAST attack. Denial of service at...

Ruby 1.9.3-p125 released following a fix ...

ruby-lang.org 16 Feb '12, 2pm

Security vulnerability fix in the OpenSSL module: "0/n splitting" as a preventive measure against the TLS ...

Ruby 1.9.3-p125 released

ruby-lang.org 16 Feb '12, 12pm

a security fix of the Ruby OpenSSL extension. And many bugs are fixed in this release.

Module: ActionView::Helpers::TextHelper:

api.rubyonrails.org 19 Feb '12, 7am

Creates a Cycle object whose to_s method cycles through elements of an array every time it is called. This can be used for...

New recommended Ruby version: Ruby 1.9.3-p125 i...

rubyflow.com 16 Feb '12, 10pm

New recommended Ruby version: Ruby 1.9.3-p125 is released Posted by DanielKehoe on February 16, 2012 — 0 comments Ruby 1.9...

Ruby 1.9.3-p125 released following a fix ...

ruby-lang.org 16 Feb '12, 2pm

Fix for the Ruby OpenSSL module: Security vulnerability fix in the OpenSSL module: "0/n splitting" as...

A Unix Shell in Ruby

rubyflow.com 16 Feb '12, 12pm

Posted by jstorimer on February 16, 2012 — 0 comments I just published the first article in a series where I implement a U...