Mailinglist Archive: opensuse-java (6 mails)
Re: [opensuse-java] TLS renegotiation RFC 5746
- From: Robert Munteanu <robert.munteanu@xxxxxxxxx>
- Date: Thu, 21 Oct 2010 18:36:14 +0300
- Message-id: <AANLkTinF8eTab8DbQ_ZrVj8sjbrT7xOC94cgkKMLQ-4L@xxxxxxxxxxxxxx>
On Thu, Oct 21, 2010 at 6:34 PM, Willy Weisz <Willy.Weisz@xxxxxxxxxxxx> wrote:
Incidentally, Java 6 Update 22 was pushed to the Updates repository today.
Robert
--
Sent from my (old) computer
--
To unsubscribe, e-mail: opensuse-java+unsubscribe@xxxxxxxxxxxx
For additional commands, e-mail: opensuse-java+help@xxxxxxxxxxxx
First of all I mean CVE-2009-3555. The SSL/TLS MITM vulnerability was
addressed in 2 steps:
1. As an emergency action: disable SSL/TLS renegotiation. This is the
"solution" used in Sun Java u19.
2. The real solution was a redefinition of the renegotiation protocol
(see RFC 5746). This was included in Sun Java u22.
Let me reformulate my question: Where can I find an openSuSE Java rpm
set for Sun Java u22 and/or an icedtea6 patchset which includes the RFC
5746 conforming SSL/TLS renegotiation?
Regards
Willy Weisz
Michal Vyskocil wrote:
On Monday 18 of October 2010 11:36:59 Willy Weisz wrote:
Is there any version of JDK 1.6 available for openSuSE 11.3 which
contains the patch implementing RFC 5746 to mitigate the TLS
renegotiation MITM attack?
Do you mean CVE-2009-5555 [1]? This was addressed by Sun Java u19 update and
icedtea6-1.7.3 patchset, more recent versions of both JVMs are available in
standard update repository [2]
[1] http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability-cve.html
[2] http://download.opensuse.org/update/11.3/
Regards
Michal Vyskocil
Just disallowing the renegotiation isn't an option for my Java applet.
Regards
Willy Weisz
--
-----------------------------------------------------------
Willy Weisz
European Centre for Parallel Computing at Vienna (VCPC)
Computational Science Center
University of Vienna
Nordbergstrasse 15/C312
A-1090 Wien
Tel: (+43 1) 4277 - 39424 Fax: (+43 1) 4277 - 9394
e-mail: Willy.Weisz@xxxxxxxxxxxx