Ben Laurie blathering

TLS Renegotiation, 7 Months On

It’s been 7 months since the TLS renegotiation problem went public and Opera’s security group have a couple of interesting articles about it. The first is about adoption of patched versions and the verdict is not good, as this graph shows…

Only 12% of servers are patched.

At this rate it will be two years before the fix is widely adopted!

The second is about version intolerance – scarily, nearly 90% of patched servers will not work when a future version of TLS bumps the major version number to 4 (it is currently 3). This is pretty astonishingly crap, and is likely to cause us problems in the future, so I’m glad the Opera guys are working hard to track down the culprits.

By the way, at least according to Opera, OpenSSL does not have this problem.
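To make the version-intolerance failure concrete, here is an added example (not from this post or from Opera's articles) contrasting an intolerant server with the behaviour the TLS specification requires (RFC 5246, Appendix E): treat the client's version as a maximum and reply with the server's own highest. The function names, the `SERVER_MIN`/`SERVER_MAX` values and the sample ClientHello are assumptions constructed for illustration.

```python
import struct

SERVER_MIN = (3, 1)   # TLS 1.0, assumed lowest version this example server accepts
SERVER_MAX = (3, 3)   # TLS 1.2, assumed highest version this example server speaks

def build_client_hello(version):
    """Constructed sample: minimal ClientHello record offering `version`."""
    body = bytes(version) + bytes(32)          # client_version + 32-byte random (zeros)
    body += b"\x00"                            # empty session_id
    body += b"\x00\x02\x00\x2f"                # one suite: TLS_RSA_WITH_AES_128_CBC_SHA
    body += b"\x01\x00"                        # null compression only
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    # Record-layer version stays 3.1 so old stacks can still read the record header.
    return b"\x16\x03\x01" + struct.pack(">H", len(handshake)) + handshake

def client_hello_version(record):
    """Return (major, minor) from ClientHello.client_version, validating framing."""
    if len(record) < 11 or record[0] != 0x16:
        raise ValueError("not a handshake record")
    (rec_len,) = struct.unpack(">H", record[3:5])
    if len(record) != 5 + rec_len or record[5] != 0x01:
        raise ValueError("truncated record or not a ClientHello")
    return record[9], record[10]

def negotiate_intolerant(client_version):
    """The faulty behaviour: refuse any major version the server does not know."""
    if client_version[0] != 3:
        return None                            # handshake aborted
    return min(client_version, SERVER_MAX)

def negotiate_tolerant(client_version):
    """Treat client_version as the client's maximum and answer with our own highest."""
    chosen = min(client_version, SERVER_MAX)   # tuple comparison: major first, then minor
    return chosen if chosen >= SERVER_MIN else None

if __name__ == "__main__":
    offered = client_hello_version(build_client_hello((4, 0)))
    print("client offers", offered)
    print("intolerant server:", negotiate_intolerant(offered))
    print("tolerant server:  ", negotiate_tolerant(offered))
```

A server-side regression test that feeds a hello with major version 4 and checks for a normal ServerHello at the server's highest version catches this class of bug before a future protocol version does.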

1 Comment

  1. There is a problem and OpenSSL is not affected? Wow, I can already see people celebrating out on the streets..

    Comment by lispler — 9 Jun 2010 @ 14:18
