This is a notice that a recent vulnerability has been discovered in the
OpenSSL protocol. The vulnerability is a man-in-the-middle attack upon
renegotiation of an SSL session and a good summary of the problem can
be found at:
http://www.theregister.co.uk/2009/11/05/serious_ssl_bug/
http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html
For more technical details you can look at:
http://www.tombom.co.uk/blog/?p=85
http://extendedsubset.com/?p=8
http://www.links.org/?p=780
http://www.links.org/?p=786
The OSG security team is has been following this announcement and you can find additional information for that at:
https://ticket.grid.iu.edu/goc/viewer?id=7714
Monday, November 9, 2009
Subscribe to:
Post Comments (Atom)
Posts
No comments:
Post a Comment