Positive: Delphi 10.1 Berlin is out; negative: all Embarcadero HTTPS sites still vulnerable to DROWN attack

  

The good news: Delphi 10.1 Berlin is out and released in Berlin (note: you might want to rename Delphi 10 Seattle into Delphi 10.0 Seattle).
Some links:

Bug fix list.
What’s New – RAD Studio.
From the 10.1 What’s New (thanks David Heffernan):

To enforce visibility semantics, class and record helpers cannot access private members of the classes or records that they extend.

Lots of Berlin downloads:

30507 RAD Studio 10.1 Berlin Web Install.
30522 BDE Installer for RAD Studio, Delphi, C++Builder 10.1 Berlin.
30521 RAD Studio 10.1 Berlin FireMonkey Accessibility Pack.
30515 GSA accounts: RAD Studio 10.1 Berlin ISO.
30514 Delphi and C++Builder 10.1 Berlin ISO:

http://altd.embarcadero.com/download/radstudio/10.1/delphicbuilder10_1.iso  
ftp://ftpd.embarcadero.com/download/radstudio/10.1/delphicbuilder10_1.iso  

30491 FireMonkey Premium Styles Pack for RAD Studio 10.1 Berlin.
30492 VCL Premium Styles Pack for RAD Studio 10.1 Berlin.
30510 RAD Studio 10.1 Berlin ISO (incl. Delphi and C++Builder) (same ISOs as above).
30509 RAD Studio 10.1 Berlin (incl. Delphi, C++Builder)-30 day trial.
30499 IP*Works for C++Builder 10.1 Berlin.
30498 IP*Works for Delphi 10.1 Berlin.
30500 FastReport VCL 5 for RAD Studio, Delphi, C++Builder 10.1 Berlin.
30501 FastReport FMX for RAD Studio, Delphi and C++Builder 10.1 Berlin.

The not so good thing: I won’t be using it for a while, as for like 6 weeks or so now, all the Embarcadero HTTPS sites have been vulnerable to the DROWN man-in-the-middle attack that was discovered 20160301.
Which means that even without going around the non-HTTPS partner site, I won’t be able to make a secure connection and install it.
Which gives me more time to play with the Xamarin Visual Studio 2015 integration and the cool stuff that MvvmCross offers.

| Result | Site | Description |
|---|---|---|
| F (DROWN attack) | members.embarcadero.com | the logon site for regular users |
| No HTTPS at all | tp.embarcadero.com | the partner logon site for MVPs and TPs |
| F (DROWN attack) | quality.embarcadero.com | the site where to post bug reports and enhancement requests, replacing qc, which had no HTTPS at all |
| F (DROWN attack) | community.embarcadero.com | the replacement of the forums server (which, like the original, is down a lot of the time), which for a long time defaulted to HTTP login at http://community.embarcadero.com/login (hopefully it doesn’t do that any more) |
| F (DROWN attack) | forums.embarcadero.com | which has been revived after the old forums server was down more often than it was up |
| F (DROWN attack) | edn.embarcadero.com | the developers network server containing articles and information |
| F (DROWN attack) | store.embarcadero.com | buying products |
| F (DROWN attack) | www.embarcadero.com | the main site |
| No TLS on main server; Google servers have weak ciphers | embarcadero.com | the mail servers; via ssl-tools.net, as SSL Labs doesn’t support MX |

–jeroen
Sources:

SSL Labs DROWN Test Implementation Details – Qualys Blog
drownattack.com