tech-security archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

SSL renegociation vulnerability


A question about the latest SSL vulnerability:

The data insertion is possible at SSL renegociation time. When do the
renegociation occur? We are told it happens when client certificate are
used, and on algorithm change. 

When client certificates are not used, when do we have reneegociations?
And how the attacker is able to forecast the next renegociation? Because
it has for forecast in order to inject data, right?

Emmanuel Dreyfus

Home | Main Index | Thread Index | Old Index