[openssl-users] BEAST and SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS

[Salz, Rich]

> What about 3DES with appropriate IV, downgrade and replay
> countermeasures, what exactly is wrong with those ciphers that is beyond
> salvage?(By salvage I mean significantly better than plain text when talking to
> clients that don't support anything more modern, such as certain Microsoft
> systems).

I don't know.  I am not a cryptographer, and I try not to come across as if I were.

"There are no safe SSL3 ciphers" is something several cryptographers and other members of the security community, have said loudly and often.