[
https://issues.apache.org/jira/browse/DIRMINA-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13612711#comment-13612711
]
Yannick Lecaillez edited comment on DIRMINA-939 at 3/25/13 3:29 PM:
--------------------------------------------------------------------
Well i'm not a security expert, but i would not bet on that.
Reports regarding the man-in-the-middle are from 2009 and report for the DoS
are from 2011.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473
was (Author: ylecaillez):
While i'm not a security expert, but i would not bet on that.
Reports regarding the man-in-the-middle are from 2009 and report for the DoS
are from 2011.
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473
> SSL Renegotiation DOS
> ---------------------
>
> Key: DIRMINA-939
> URL: https://issues.apache.org/jira/browse/DIRMINA-939
> Project: MINA
> Issue Type: Bug
> Components: Core
> Reporter: Yannick Lecaillez
> Attachments: mina-core.patch
>
>
> More information:
> http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
> SSLFilter is subject to this issue since it allows client renegotiation.
> Test: http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
