118
edits
Changes
→Scope
Because of this, when using the old SSL/TLS protocol versions, Firefox does not know whether it talks to a vulnerable server. Firefox does not know whether a connection has been attacked.
An enhanced SSL/TLS protocol version is currently being finalized and is soon to be published as an RFC, currently labeled as draftlocated at: http://www.rfc-rescorla-tls-renegotiationeditor.org/authors/rfc5746.txt.
As soon as both parties of an SSL/TLS session (e.g. Firefox and an Internet Server) are using the new protocol version they will be protected against the attack, and Firefox can be sure the connection is protected.