SSL officially insecure?

Submitted by R.J._Steinert on Sun, 2009-11-08 23:57

A zero-day flaw in the TLS and SSL protocols has been made public and man-in-the-middle attacks have been demonstrated. I caught wind of this off of ZDnet.

http://news.zdnet.co.uk/security/0,1000000189,39860592,00.htm

Thoughts?

Groups:

Portland (Oregon) · Security Scanner Component and Best Practices

ouch

grendzy - Tue, 2009-11-10 06:01

This looks ugly. Here's a great writeup I found:
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti....

Also, it seems OpenSSL 0.9.81 disables renegotiation by default, which should be an effective workaround for most sites.

Groups.drupal.org is a part of the drupal.org group of sites. Logging in on this site requires an account on the main drupal.org site. If you do not have an account on drupal.org, you will need to create one, log in over there, and then come back here where you should automatically be logged in.

Thanks!

Portland (Oregon)

You must login in order to post into this group.

Portland (Oregon)

New groups

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

All posts: Feed · Page

Group events

December User Group Meeting

2009-12-09 18:00 - 19:30

SSL officially insecure?

ouch

Portland (Oregon)

Portland (Oregon)

New groups

Group notifications

Organizer resources

Group events