Skip navigation
Currently Being Moderated

SSL (TLS In Session) Renegotiation Vulnerability

VERSION 2  Click to view document history
Created on: May 4, 2010 6:51 AM by Truffles - Last Modified:  May 4, 2010 7:10 AM by Truffles

Vulnerability: http://www.kb.cert.org/vuls/id/120541

 

Description and Resolution: The vulnerability referenced above is in relation to SSL Renegotiation. SSL Renegotiation is a feature of SSL and the vulnerability referenced only affects certain software and the way that software uses the SSL feature. Due to the way the Management Gateway uses the SSL Renegotiation feature it is not susceptible to this vulnerability.

 

Note: If a firewall is configured to block SSL (TLS In Session) Renegotiation completely then the Management Gateway Appliance will cease to function. A symptom of this is when you are unable to retrieve a broker certificate. If a test is performed a 90 second delay is noticed when switching to the long session

Comments (0)
LANDESK Community powered by Jive SBS® 4.5.7.1  |  Legal Notices  |  Privacy Policy  |  Icon 

TweeterOn Twitter  |  Icon FacebookOn Facebook © 2007 LANDESK Software