FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- SSL protocol flaw

Affected packages
6.3 < FreeBSD < 6.3_14
6.4 < FreeBSD < 6.4_8
7.1 < FreeBSD < 7.1_9
7.2 < FreeBSD < 7.2_5
8.0 < FreeBSD < 8.0_1

Details

VuXML ID 406779fd-ca3b-11df-aade-0050568f000c
Discovery 2009-12-03
Entry 2010-10-24

Problem Description:

The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters.

References

FreeBSD Advisory SA-09:15.ssl