On Thursday 12 November 2009, Kurt Roeckx wrote:
> On Wed, Nov 11, 2009 at 11:16:19PM +0100, Enrique D. Bosch wrote:
> > In particular, practical attacks exist against HTTPS and could
> > affect other protocols that use SSL/TLS.
>
> It's my understanding that there is a patch for mod_ssl that
> s
On Thu, Nov 12, 2009 at 10:40:22AM +0100, Enrique D. Bosch wrote:
> On Thu, 12 Nov 2009, Kurt Roeckx wrote:
>
> >The changes says:
> > *) Disable renegotiation completely - this fixes a severe security
> >problem (CVE-2009-3555) at the cost of breaking all
> >renegotiation. Renegotiation c
On Thu, 12 Nov 2009, Kurt Roeckx wrote:
The changes says:
*) Disable renegotiation completely - this fixes a severe security
problem (CVE-2009-3555) at the cost of breaking all
renegotiation. Renegotiation can be re-enabled by setting
SSL3_FLAGS_ALLOW_UNSAFE_LEGACY_RENEGOTIATION in
On Wed, Nov 11, 2009 at 11:16:19PM +0100, Enrique D. Bosch wrote:
>
> In particular, practical attacks exist against HTTPS and could affect other
> protocols that use SSL/TLS.
It's my understanding that there is a patch for mod_ssl that
should prevent it and which does not require changes to ope
Subject: CVE-2009-3555: SSL/TLS renegotiation MITM vulnerability
Package: openssl
Version: 0.9.8g-15+lenny5
Severity: grave
*** Please type your report below this line ***
This is an SSL/TLS protocol vulnerability not specific to openssl.
Transport Layer Security (TLS, RFC 5246 and previous, in