SSL officially insecure?

Events happening in the community are now at Drupal community events on www.drupal.org.
Posted by R.J. Steinert on November 8, 2009 at 11:57pm

A zero-day flaw in the TLS and SSL protocols has been made public and man-in-the-middle attacks have been demonstrated. I caught wind of this off of ZDnet.

http://news.zdnet.co.uk/security/0,1000000189,39860592,00.htm

Thoughts?

Categories: ,

Comments

ouch

Posted by grendzy on November 10, 2009 at 6:01am

This looks ugly. Here's a great writeup I found:
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti....

Also, it seems OpenSSL 0.9.81 disables renegotiation by default, which should be an effective workaround for most sites.

Portland (Oregon)

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

AltStyle によって変換されたページ (->オリジナル) /