You can get this new version of OpenSSL at the link below. http://www.openssl.org/source/
This event will no doubt develop over the next coming weeks and months, it should be interesting to see how far research goes into other protocols that ride on top of TLS/SSL channels. Let us not forget that not all traffic that is TLS/SSL encrypted is HTTP. Just off the top of my head I can think of LDAP, MSSQL, Email, and let us not forget SSL VPNS! Since this is a bug in a low lying protocol that higher level applications/protocols rely on there will no doubt be allot of interest issues raised. No doubt plenty of people including myself will have a busy weekend rereading the TLS specification. For those who are bored, feel free to read that specification at the URL below. TLS 1.0: http://www.ietf.org/rfc/rfc2246.txt SSL 3.0: http://tools.ietf.org/html/draft-ietf-tls-ssl-version3-00
Andre Ludwig |
AndreL 56 Posts Nov 6th 2009 |
Thread locked Subscribe |
Nov 6th 2009 1 decade ago |
"It appears that they have made the choice to simply remove TLS/SSL negotiation"
Should "negotiation" be "renegotiation"? |
Anonymous |
Quote |
Nov 6th 2009 1 decade ago |
Whoops, good eye not sure how I missed that one. Thanks for spotting that.
|
AndreL 56 Posts |
Quote |
Nov 6th 2009 1 decade ago |
Sign Up for Free or Log In to start participating in the conversation!