FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

FreeBSD -- SSL protocol flaw

Affected packages
6.3 <= FreeBSD < 6.3_14
6.4 <= FreeBSD < 6.4_8
7.1 <= FreeBSD < 7.1_9
7.2 <= FreeBSD < 7.2_5
8.0 <= FreeBSD < 8.0_1

Details

VuXML ID 406779fd-ca3b-11df-aade-0050568f000c
Discovery 2009-12-03
Entry 2010-10-24
Modified 2016-08-09

Problem Description:

The SSL version 3 and TLS protocols support session renegotiation without cryptographically tying the new session parameters to the old parameters.

References

FreeBSD Advisory SA-09:15.ssl