Secure SSL Renegotiation

The SSL renegotiation process is vulnerable. It allows two negotiations to be handled by different parties, which leaves your data vulnerable to Man-In-The-Middle attacks.

Security Assessment


CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Vulnerability Information

The SSL renegotiation process is vulnerable. It allows two negotiations (one before the renegotiation, and one after) to be handled by different parties. This leaves the data vulnerable to Man-In-The-Middle attacks.

Guides

The problems in the renegotiation protocol have been fixed in the SSL implementations and do not appear in recent protocol versions. Therefore, make sure that you use a Secure TLS Configuration and update OpenSSL to the latest version.

E.g. run:

apt-get update; apt-get upgrade # Debian / Ubuntu
yum update # RHEL / CentOS
pacman -Syu # Arch Linux
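
To confirm the update took effect, the following added example (not part of the original guide) classifies the output of `openssl s_client` by the renegotiation status line it prints. The function names `classify_reneg` and `check_host` are hypothetical, and the sample transcripts are constructed excerpts.

```shell
#!/bin/sh
# Added example: classify `openssl s_client` output by renegotiation status.
# Function names and sample transcripts are constructed for illustration.

# Reads s_client output on stdin and prints one of:
#   secure | not-supported | not-applicable | unknown
classify_reneg() {
    out=$(cat)
    if printf '%s\n' "$out" | grep -Eq '^New, TLSv1\.3,|Protocol *: *TLSv1\.3'; then
        # TLS 1.3 removed renegotiation, so the "IS NOT supported" line
        # that s_client prints there is not a finding.
        echo "not-applicable"
    elif printf '%s\n' "$out" | grep -q 'Secure Renegotiation IS NOT supported'; then
        # Peer did not advertise secure renegotiation: update and re-check.
        echo "not-supported"
    elif printf '%s\n' "$out" | grep -q 'Secure Renegotiation IS supported'; then
        # Peer sent the renegotiation_info extension (RFC 5746).
        echo "secure"
    else
        # Handshake failed or the output was not from s_client.
        echo "unknown"
    fi
}

# Live check against your own server (needs network access; not run below).
# $1 = host name, $2 = port (defaults to 443)
check_host() {
    openssl s_client -connect "$1:${2:-443}" -servername "$1" </dev/null 2>/dev/null |
        classify_reneg
}

# Constructed excerpts of s_client output.
SAMPLE_PATCHED='New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported'
SAMPLE_UNPATCHED='New, TLSv1/SSLv3, Cipher is AES256-SHA
Secure Renegotiation IS NOT supported'
SAMPLE_TLS13='New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported'

for s in "$SAMPLE_PATCHED" "$SAMPLE_UNPATCHED" "$SAMPLE_TLS13"; do
    printf '%s\n' "$s" | classify_reneg
done
```

Run `check_host your.server.example` after upgrading; a result of `not-supported` on a TLS 1.2 or older connection means the server side still needs the update.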
