Security:Renegotiation: Difference between revisions

m
→‎Control: grammar: typo from previous disambiguation
m (→‎Control: grammar: change to most likely incarnation of author's original meaning, but can't be sure — please confirm…)
m (→‎Control: grammar: typo from previous disambiguation)
Line 65: Line 65:
In order to clarify why this distinction is relevant, let's repeat one property of the attack scenarios using the old protocol versions:
In order to clarify why this distinction is relevant, let's repeat one property of the attack scenarios using the old protocol versions:


The attack requires a renegotiation. However, a renegotiation may happen between a MITM and a server, while the Mozilla client is under the impression that the connection it is still at the stage of the initial negotiation.
The attack requires a renegotiation. However, a renegotiation may happen between a MITM and a server, while the Mozilla client is under the impression that the connection is still at the stage of the initial negotiation.


Only the use of the new protocol versions on both sides of a connection can clarify this and ascertain to be safe against the attack.
Only the use of the new protocol versions on both sides of a connection can clarify this and ascertain to be safe against the attack.
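Review bot: The closing sentence of this hunk, "Only the use of the new protocol versions on both sides of a connection can clarify this and ascertain to be safe against the attack", is unchanged by the revision and still has no clear subject for "ascertain to be safe", and "this" has no clear referent. Since the edit summaries ask for confirmation of the intended meaning, the same pass could reword it, for example "Only when both sides of a connection use the new protocol versions can the client tell these two cases apart and be sure the connection is safe against the attack." The corrected middle sentence ("the connection is still at the stage of the initial negotiation") reads correctly as changed.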