Initial test for SSL renegotiation added to SSL Labs

November 17, 2009

I've added an initial implementation of the test that determines if an SSL server is vulnerable to the Authentication Gap MITM attack. At this point the assumption is that no server supports the safe renegotiation TLS extension, which means that a warning is displayed if renegotiation is found to be supported.

In the following days, as the implementations of the safe renegotiation TLS extension start to arrive, I will improve the test to take that into account.