MozillaWiki

Security:Renegotiation: Difference between revisions

Page Discussion

Security:Renegotiation (view source)

Revision as of 18:18, 9 February 2010

14 bytes added ,  9 February 2010
→‎Scope
Line 23: Line 23:
Because of this, when using the old SSL/TLS protocol versions, Firefox does not know whether it talks to a vulnerable server. Firefox does not know whether a connection has been attacked.
Because of this, when using the old SSL/TLS protocol versions, Firefox does not know whether it talks to a vulnerable server. Firefox does not know whether a connection has been attacked.


An enhanced SSL/TLS protocol version is currently being finalized and is soon to be published as an RFC, currently labeled as draft-rescorla-tls-renegotiation.
An enhanced SSL/TLS protocol version is currently being finalized and is soon to be published as an RFC, currently located at: http://www.rfc-editor.org/authors/rfc5746.txt.


As soon as both parties of an SSL/TLS session (e.g. Firefox and an Internet Server) are using the new protocol version they will be protected against the attack, and Firefox can be sure the connection is protected.
As soon as both parties of an SSL/TLS session (e.g. Firefox and an Internet Server) are using the new protocol version they will be protected against the attack, and Firefox can be sure the connection is protected.
Lord
118

edits

Retrieved from "https://wiki.mozilla.org/Special:MobileDiff/201052"