AnsweredAssumed Answered

SSL Renegotiation Flaw False Positive

Question asked by bl@ck on Apr 14, 2011
Latest reply on Apr 15, 2011 by bl@ck

I am noticing numerous false positives on some sites I own that say I am vulnerable to MiTM attacks. But for those customers who have applied the following approach: http://support.f5.com/kb/en-us/solutions/public/10000/700/sol10737.html (F5's site) the finding is incorrect.

 

Wouldn't it make sense to add a disclaimer for the finding in the SSL test that this vulnerability may be already addressed depending on the vendor and implemetation? This is a great tool, but I seem some risk to my customer base looking up sites here.

Outcomes