Commit
Microsoft's IIS doesn't support it, and is not replying with ServerHello after receiving ClientHello which contains it. The good way might be allowing to opt-out this at runtime from javascript-land, but unfortunately OpenSSL doesn't support it right now. see #5119
- Loading branch information
There are no files selected for viewing
44 comments
on commit 28c6e42
There was a problem hiding this comment.
Unintentional security features, episode 42.
There was a problem hiding this comment.
hahaha, best accidental security fix ever :)
There was a problem hiding this comment.
👍
There was a problem hiding this comment.
❤️
There was a problem hiding this comment.
Random acts of brilliance™
There was a problem hiding this comment.
Random acts of brilliance™[2]
There was a problem hiding this comment.
\o/
There was a problem hiding this comment.
👏
There was a problem hiding this comment.
opt-out ftw
There was a problem hiding this comment.
good!:+1:
There was a problem hiding this comment.
👍
There was a problem hiding this comment.
Behind had luck comes good luck.
There was a problem hiding this comment.
❤️ kudos to node
There was a problem hiding this comment.
毒德大学
Sick! Uber! Classic! Masterpiece!
There was a problem hiding this comment.
good!
hackers gonna hack
There was a problem hiding this comment.
this is awesome!
There was a problem hiding this comment.
👍
There was a problem hiding this comment.
💯
There was a problem hiding this comment.
👏
There was a problem hiding this comment.
As I pointed out in the mailing list, this is mostly dumb luck, but not entirely, since the bug that led to this change was a symptom of the same problem that allowed Heartbleed to happen (heartbeats being an obscure code path not receiving sufficient bug auditing).
There was a problem hiding this comment.
slow clap
There was a problem hiding this comment.
❤
There was a problem hiding this comment.
+1
There was a problem hiding this comment.
👏 ❤️
There was a problem hiding this comment.
I was hoping for some insight in these comments not for a stream of juvenile and useless low-effort comments. I'm happy, you're happy, we're all happy that Node is not affected. Ok, now do something productive.
There was a problem hiding this comment.
👍
There was a problem hiding this comment.
I find it somewhat amusing that Microsoft's software not liking something forced us to turn off a feature that otherwise contains probably the largest software security vulnerability to date.
There was a problem hiding this comment.
You got lucky with 'OPENSSL_NO_HEARTBEATS', now let's hope you got equally lucky with 'L_ENDIAN', 'PURIFY' and '_REENTRANT'.
There was a problem hiding this comment.
Haha. Awesome.
There was a problem hiding this comment.
+1
There was a problem hiding this comment.
lol...
🍻
There was a problem hiding this comment.
Slow clap indeed xD
There was a problem hiding this comment.
+1
There was a problem hiding this comment.
+1
There was a problem hiding this comment.
<3 Epic!
There was a problem hiding this comment.
👏
There was a problem hiding this comment.
There was a problem hiding this comment.
Node is awesome even unintentionally 👍
There was a problem hiding this comment.
:-)
There was a problem hiding this comment.
+1 nice.
There was a problem hiding this comment.
great
There was a problem hiding this comment.
+1
There was a problem hiding this comment.
haha awesome
There was a problem hiding this comment.
haha perfect !
I like this line a lot.