RFC for fixing the TLS Renego vulnerability published

As discussed in this Security Group article, a serious vulnerability in the SSL and TLS protocols renegotiation was discovered last year.

The update of the SSL and TLS protocol to fix the "Renego" vulnerability was published earlier today.

The RFC can be downloaded from http://www.rfc-editor.org/rfc/rfc5746.txt

As mentioned in the article, Opera 10.50 Beta 1 includes support for the updated protocol, although it is not fully activated yet due to usability reasons. In related news, Mozilla included support in their nightlies earlier this week.

2 thoughts on “RFC for fixing the TLS Renego vulnerability published”

  1. I have raised this article in my web host’s forum:http://my.opera.com/securitygroup/blog/show.dml/9762281Consequently, doubt has been raised about the accuracy of Opera 10.51 in identifying patched/unpatched servers. Server Version: Apache/2.2.15 (Unix) mod_ssl/2.2.15 OpenSSL/0.9.8n mod_bwlimited/1.4 PHP/5.2.13 The Windows version of Opera 10.51 reports this incorrectly as: The server does not support secure TLS renegotiation.LATER: I have now tested the Linux version of Opera 10.52 build 6302 which correctly reports the server as patched.

Comments are closed.