SSL officially insecure?

Events happening in the community are now at Drupal community events on www.drupal.org.

Posted by R.J. Steinert on November 8, 2009 at 11:57pm

A zero-day flaw in the TLS and SSL protocols has been made public and man-in-the-middle attacks have been demonstrated. I caught wind of this off of ZDnet.

http://news.zdnet.co.uk/security/0,1000000189,39860592,00.htm

Thoughts?

Comments

ouch

Posted by grendzy on November 10, 2009 at 6:01am

This looks ugly. Here's a great writeup I found:
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti....

Also, it seems OpenSSL 0.9.81 disables renegotiation by default, which should be an effective workaround for most sites.

Portland (Oregon)

You must register or login in order to post into this group.

Group organizers

Group categories

Topic

DrupalCamp 2009 (20)
- Presentation Topics (6)
- Sponsorship (3)
- Venue (2)
Job or position (45)
Outreach Events (22)
PNWDS 2011 (17)
Suggested User Group Topic (39)
Training (16)

New groups

Group notifications

This group offers an RSS feed. Or subscribe to these personalized, sitewide feeds:

All posts:
- Feed
- Page