what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 1 of 1 RSS Feed


Renegotiating TLS Man-In-The-Middle
Posted Nov 5, 2009
Authored by Steve Dispensa, Marsh Ray | Site extendedsubset.com

Paper called Renegotiating TLS. Transport Layer Security (TLS, RFC 5246 and previous, including SSL v3 and previous) is subject to a number of serious man-in-the-middle (MITM) attacks related to renegotiation. In general, these problems allow an MITM to inject an arbitrary amount of chosen plaintext into the beginning of the application protocol stream, leading to a variety of abuse possibilities. In particular, practical attacks against HTTPS client certificate authentication have been demonstrated against recent versions of both Microsoft IIS and Apache httpd on a variety of platforms and in conjunction with a variety of client applications. Cases not involving client certificates have been demonstrated as well.

tags | advisory, web, arbitrary, protocol
SHA-256 | ad318f67f8665ad770bc1cf6e8f7832ad97aa4d2cdd2ebe8247c7503e4a60cdb
Page 1 of 1

Top Authors In Last 30 Days

packet storm

© 2022 Packet Storm. All rights reserved.

Security Services
Hosting By