Skip to main content
MSRC

SSL

MS10-049: An inside look at CVE-2009-3555, the TLS renegotiation vulnerability

Tuesday, August 10, 2010

This issue was identified by security researchers Marsh Ray and Steve Dispensa. The vulnerability exists because certain Transport Layer Security (TLS)/Secure Sockets Layer (SSL) protected protocols assume that data received after a TLS renegotiation is sent by the same client as before the renegotiation. Renegotiation is TLS functionality that allows either peer to change the parameters of the secure session.

Read More