19 Oct
2010
19 Oct
'10
13:03
On Monday 18 of October 2010 11:36:59 Willy Weisz wrote:
Is there any version of JDK 1.6 available for openSuSE 11.3 which contains the patch implementing RFC 5746 to mitigate the TLS renegotiation MITM attack?
Do you mean CVE-2009-5555 [1]? This was addressed by Sun Java u19 update and icedtea6-1.7.3 patchset, more recent versions of both JVMs are avaliable in standard update repository [2] [1] http://www.securegoose.org/2009/11/tls-renegotiation-vulnerability- cve.html [2] http://download.opensuse.org/update/11.3/ Regards Michal Vyskocil
Just disallowing the renegotiation isn't an option for my Java applet.
Regards Willy Weisz