My OperaThe My Opera forums have been replaced with forums.opera.com. Please head over there to discuss Opera's products and features
See the new ForumsYou need to be logged in to post in the forums. If you do not have an account, please sign up first.
BEAST - Browser Exploit Against SSL/TLS (1.0)
There are a couple of interesting security articles on DistroWatch about a proof-in-concept exploit that affects the SSL 3.0 & TLS 1.0 security protocols. Most https sites only support TLS 1.0. The author of the article recommends installing and using Opera to shame Firefox and Chrome into adding TLS 1.2 and ultimately getting Web sites to upgrade to TLS 1.2. The exploit requires both JavaScript and Java to be enabled. His recommendation is to disable Java which I have now done in Firefox and Opera. Opera 10.1x supports enabling Java in site preferences in the Content tab. 11.52 does not; enable plug-ins on demand does not help.Here are the links: Beauty and the BEAST: Is TLS 1.0 compromised? Taming The BEAST: Java Unplugged
P.S.: I checked the link in my signature to Security @ Opera. There is a post there about this issue. The "BEAST" SSL/TLS issue. One of the requirements for the attack can't be met in Opera because it is not possible for JavaScript to append data to a request after it has been started. There is an edit at the bottom that the latest Java version (Version 6 Update 29) has corrected the problem with Java. Test your Java version
Firefox 23.0, Opera 10.11-4791; Platform: SunOS (OpenIndiana); System: i86pc Opera Desktop Team Security @ Opera Sitepatching blog
Linux in VirtualBox | Opera 12.15-1748
Linux in VirtualBox | Opera 12.15-1748