
SSL/TLS Protocol Vulnerabilities CVE-2009-3555


Jason77

Dec 11, 2009, 5:43:01 AM
Hi Guys,

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555

OK, there's a new problem with the SSLv3/TLS protocol; it shows as being a
flaw with the protocol itself.
The only solution is for the manufacturers who utilise the protocols to
release new or updated versions of software to allow us to close the
renegotiation 'hole'.

OpenSSL have released an updated version - good news. I'm now waiting for
some word about Microsoft, as it has been shown there is an issue with IIS.
I've had a rake about the net and not found much/any comment on this issue
on the Microsoft side of things - I may just be rubbish at looking.

Are Microsoft working on a solution to this? Has it already been patched?
How long do we need to wait?

I am running IIS v6 - how about setting SSLAlwaysNegoClientCert? This
would prevent renegotiation; is this a workaround for this problem?

Thanks in advance.

Jason
