Phocean.net / Computer Security » IETF http://www.phocean.net "A defense that hedgehogs possess is the ability to roll into a tight ball, causing all of the spines to point outwards." -- Wikipedia Wed, 30 Nov 2011 22:02:47 +0000 en hourly 1 http://wordpress.org/?v=3.3.1 SSL/TLS RFC updated against CVE-2009-3555 http://www.phocean.net/2010/01/09/ssltls-rfc-updated-against-cve-2009-3555.html?utm_source=rss&utm_medium=rss&utm_campaign=ssltls-rfc-updated-against-cve-2009-3555 http://www.phocean.net/2010/01/09/ssltls-rfc-updated-against-cve-2009-3555.html#comments Sat, 09 Jan 2010 11:23:09 +0000 phocean http://www.phocean.net/?p=673 A solution has been finally brought up to fix CVE-2009-3555 and the temporary solution that broke client authentication.

At least, the IETF agreed on a fix as Marsh Ray informs us, though it will still take some weeks for the whole validation process to complete.

Moreover, as it requires both the servers and the clients to be patched, it will take months before the patches can be applied and one can have a working client authentification architecture. The longest will be the client side, of course, so I feel sorry for those who have a large park to manage.

As far as I am concerned, fortunately, I will just have a few browsers that I manage directly to update. Anyway, still more patience is needed !

]]> http://www.phocean.net/2010/01/09/ssltls-rfc-updated-against-cve-2009-3555.html/feed 0