AnsweredAssumed Answered

TLS Plaintext Injection (CVE-2009-3555)

Question asked by Jack son on Dec 27, 2013
Latest reply on Apr 14, 2014 by Ivan Ristić

Hi Ivan

 

Is my understanding correct for TLS plaintext injection which requires the following scenario?

 

- the server doesn't support SECURE RENEGOTIATION

- the server responds to RENEGOTIATION request (i.e    R command can successfully be issued from OpenSSL client)

 

Thanks.

Jack

Outcomes