The SSL renegotiation process is vulnerable. It allows the two negotiations to be handled by different parties, which leaves your data vulnerable to man-in-the-middle attacks.

Table of contents
  1. Secure SSL Renegotiation Security Assessment
  2. Secure SSL Renegotiation Vulnerability Information
  3. How to Secure SSL Renegotiation

Secure SSL Renegotiation Security Assessment


CVSS Vector: AV:N/AC:M/Au:N/C:N/I:P/A:P

Secure SSL Renegotiation Vulnerability Information

The SSL renegotiation process is vulnerable. It allows the two negotiations (one before the renegotiation and one after) to be handled by different parties, which leaves the data vulnerable to man-in-the-middle attacks.

How to Secure SSL Renegotiation

The problems in the renegotiation protocol have been fixed in SSL implementations and do not appear in recent protocol versions. Therefore, make sure that you use a Secure TLS Configuration and update OpenSSL to the latest version.

E.g., run:
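To confirm the result on a server after updating, this added example (not part of the original page) classifies the renegotiation status line that `openssl s_client` prints. The function and sample names are hypothetical and the sample output is constructed; it also covers two cases where the "IS NOT supported" line is not a finding.

```shell
#!/bin/sh
# Classify `openssl s_client` output (stdin) by its renegotiation status line.
# Prints: secure | insecure | not-applicable | unknown
classify_reneg() {
    out=$(cat)
    case $out in
        # A failed handshake also prints "IS NOT supported"; no verdict possible.
        *"Cipher is (NONE)"*) echo "unknown" ;;
        # TLS 1.3 has no renegotiation, yet s_client still prints
        # "IS NOT supported" for it; do not report that as a finding.
        *"New, TLSv1.3,"*) echo "not-applicable" ;;
        *"Secure Renegotiation IS NOT supported"*) echo "insecure" ;;
        *"Secure Renegotiation IS supported"*) echo "secure" ;;
        *) echo "unknown" ;;   # no status line at all (e.g. connection refused)
    esac
}

# Constructed excerpts of s_client output (not captured from real hosts).
sample_patched() {
    printf '%s\n' 'New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384' \
        'Server public key is 2048 bit' 'Secure Renegotiation IS supported'
}
sample_unpatched() {
    printf '%s\n' 'New, TLSv1/SSLv3, Cipher is AES256-SHA' \
        'Server public key is 1024 bit' 'Secure Renegotiation IS NOT supported'
}
sample_tls13() {
    printf '%s\n' 'New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384' \
        'Server public key is 2048 bit' 'Secure Renegotiation IS NOT supported'
}
sample_failed() {
    printf '%s\n' 'no peer certificate available' \
        'New, (NONE), Cipher is (NONE)' 'Secure Renegotiation IS NOT supported'
}

for s in sample_patched sample_unpatched sample_tls13 sample_failed; do
    printf '%-17s %s\n' "$s" "$("$s" | classify_reneg)"
done

# Against a server you operate (host is a placeholder):
#   openssl s_client -connect host.example:443 </dev/null 2>/dev/null | classify_reneg
```

An `insecure` result means the server completed a pre-TLS 1.3 handshake without offering secure renegotiation and still needs the update described above.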
