07/22/2010

Disabling TLS Renegotiation in WebSEAL

The TLS Renegotiation vulnerability is getting more and more attention lately, primarily because updates and patches have been coming out that supposedly "fix" the issue by disabling TLS Renegotiation. IBM is no different from Oracle or Microsoft and has published this page to download updates to GSKit that contain the "fix" (an IBM Universal ID is required to download updates). SSL/TLS support in WebSEAL is provided through GSKit.

Once the update is applied, TLS Renegotiation will not work. For most client connections, disabling TLS Renegotiation will not have an impact, but stay tuned, because later today I'll be publishing a post that details the types of connections that I think will be impacted (and the problems that we'll see) when TLS Renegotiation is disabled.

Yes, I understand that this is a flaw in the TLS protocol itself and will take time to fix, but I'm afraid that these interim fixes will cause me more production problems than those that will be averted.