User: Password:
|
|
Subscribe / Log in / New account

TLS renegotiation vulnerability

TLS renegotiation vulnerability

Posted Dec 3, 2009 0:10 UTC (Thu) by xoddam (subscriber, #2322)
In reply to: TLS renegotiation vulnerability by robbe
Parent article: TLS renegotiation vulnerability

As I understand it, the certificate exchange is still between the client and the server; the MITM does nothing more than forward the data and insert a cleartext payload into a window of vulnerability. In this attack, the MITM does not need to know or have any certificate or cipher keys.


(Log in to post comments)


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds