www.centos.org Forum Index CentOS 5 - Security Support SSL/TLS MITM attack
SSL/TLS MITM attack | #1 |
|
|---|---|---|---|
|
Newbie
Joined: 2009/11/6
From
Posts: 2
|
There is a bug in the TLS protocol that allows a MITM attack: http://extendedsubset.com/?p=8

There is an updated openssl tarball that was put on openssl.org yesterday: http://www.openssl.org/source/openssl-0.9.8l.tar.gz

Is there any updated RPM from CentOS? (I think that the NSS lib will be updated as well, as it is not an implementation bug but a protocol bug.)

The protocol correction draft: https://svn.resiprocate.org/rep/ietf-drafts/ekr/draft-rescorla-tls-renegotiate.txt
||
Posted on: 2009/11/6 9:36
|
|||
|
Re: SSL/TLS MITM attack | #2 |
|
|---|---|---|---|
|
Moderator
Joined: 2006/12/13
From Tidewater Virginia, North America
Posts: 3404
|
The last upstream (and thus CentOS) openssl release was http://rhn.redhat.com/errata/RHSA-2009-1335.html
Is your issue addressed by the bug fixes described there? |
||
|
_________________
Phil Required reading: FAQ & Readme first ; Search hint: google "your topic site:centos.org"; Smart Questions |
|||
Posted on: 2009/11/6 14:48
|
|||
|
Re: SSL/TLS MITM attack | #3 |
|
|---|---|---|---|
|
Regular Board Member
Joined: 2009/9/24
From Brighton, UK
Posts: 79
|
I suspect that he's talking about the brand new, yet to be patched vulnerability that The Register reported on the other day. http://www.theregister.co.uk/2009/11/05/serious_ssl_bug/
|
||
Posted on: 2009/11/7 2:07
|
|||
|
Re: SSL/TLS MITM attack | #4 |
|
|---|---|---|---|
|
Newbie
Joined: 2009/11/6
From
Posts: 2
|
Quote:
Yes, this is this one. Here's the Red Hat bugzilla entry: https://bugzilla.redhat.com/show_bug.cgi?id=533125 |
||
Posted on: 2009/11/9 8:56
|
|||