Posted by Thierry Zoller
Subscribe to the RSS feed in case you are interested in updates
This paper explains the vulnerability for a broader audience and summarizes the information that is currently available. The document is prone to updates and is believed to be accurate by the time of writing.
- Updated 18.11.2009 : Added SMTP over TLS attack scenario, added s_client testcase
- Updated 30.11.2009 : Added FTPS analysis, new attacks against HTTPS (injecting responses and downgrading to HTTP)
- Updated 09.12.2009 : Proof of concept files for TRACE and 302 redirect using TLS rengotiation flaw
Download "TLS / SSLv3 renegotiation vulnerability explained"
posted by Thierry Zoller
Related post: Vulnerabilities like it's 1999 SSLv3 / TLS Man in the Middle vulnerability - update #8