This paper explains the vulnerability for a broader audience and summarizes the information that is currently available. The document is subject to updates and is believed to be accurate at the time of writing.
- Updated 18.11.2009 : Added SMTP over TLS attack scenario, added s_client testcase
- Updated 30.11.2009 : Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP)
- Updated 09.12.2009 : Proof of concept files for TRACE and 302 redirect using TLS renegotiation flaw
Download "TLS / SSLv3 renegotiation vulnerability explained"
posted by Thierry Zoller
Related post:
Vulnerabilities like it's 1999 SSLv3 / TLS Man in the Middle vulnerability - update #8