Closed RoestVrijStaal closed 8 years ago
Freak Attack shouldn't be a problem. See: https://freakattack.com/clienttest.html The same goes for Poodle Attack: https://www.poodletest.com/
All those tests were performed on SailfishOS 2.0.0.10 with Webcat 2.0.8
Yeah, but WebCat still supports old protocols and cyphers like SSL 3.0.
This needs to be addressed upstream then. In my tests I think I had my router (firewall) blocking sslv3, which led to "not vulnerable" messages in the various testing suites. I will reopen it and mark it as an upstream (qtwebkit) bug that needs fixing there (basically by updating to a newer qt version).
Fixed
Was it fixed by you or by SFOS updates?
I have a fixed version available in the ll-webkit github repo: https://github.com/llelectronics/lls-qtwebkit Jolla should have fixed it also.
Sorry, what is the hash of this commit?
Sorry, my bad. The fork from me fixes some image loading issues and memory leaks. The actual fix should have landed in the various different libs qtwebkit depends on, like openssl. SSLv3 disabling is also possible during compile time. I think it is disabled by default now in an openssl update Jolla did for its latest version 2.0.1.11. I rechecked the different security tests today before releasing the new version and was not able to see any security issues, thus I closed this here.
Thank you for responding!
Like Web Pirate, WebCat is still suffering from the FREAK, POODLE and numerous other attacks. https://github.com/Dax89/harbour-webpirate/issues/30
I've checked it with https://www.ssllabs.com/ssltest/viewMyClient.html
Please release a bugfix version which at least works around those problems.