SSL is not secure anymore - Serious vulnerability identified in v3

added by kzvikzvi1
2/5/2010 6:47:55 PM

0 Kicks, 140 Views

A serious vulnerability in SSL v3 and previous versions of SSL protocol has been identified and made public on November 4, 2009. This makes every SSL site vulnerable to serious man-in-middle (MITM) attacks related to renegotiation. This vulnerability is due to the design of "session resumption" feature of SSL protocol.