[ https://issues.apache.org/jira/browse/DIRMINA-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13612711#comment-13612711 ]
Yannick Lecaillez edited comment on DIRMINA-939 at 3/25/13 3:29 PM: -------------------------------------------------------------------- Well i'm not a security expert, but i would not bet on that. Reports regarding the man-in-the-middle are from 2009 and report for the DoS are from 2011. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473 was (Author: ylecaillez): While i'm not a security expert, but i would not bet on that. Reports regarding the man-in-the-middle are from 2009 and report for the DoS are from 2011. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-3555 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473 > SSL Renegotiation DOS > --------------------- > > Key: DIRMINA-939 > URL: https://issues.apache.org/jira/browse/DIRMINA-939 > Project: MINA > Issue Type: Bug > Components: Core > Reporter: Yannick Lecaillez > Attachments: mina-core.patch > > > More information: > http://www.ietf.org/mail-archive/web/tls/current/msg07553.html > SSLFilter is subject to this issue since it allows client renegotiation. > Test: http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html -- This message is automatically generated by JIRA. If you think it was sent incorrectly, please contact your JIRA administrators For more information on JIRA, see: http://www.atlassian.com/software/jira