« Updated Howto: Setting up BigIP for JSESSIONID-Based Persistence | Main | TLS Renegotiation Remediation is Going to be Unpleasant »


Disabling TLS Renegotiation in WebSEAL

The TLS Renegotiation vulnerability is getting more and more attention lately primarily because updates and patches have been coming out that supposedly "fix" the issue by disabling TLS Renegotiation.  IBM is no different from Oracle or Microsoft and has published this page to download updates to GSKit that contains the "fix".  (IBM Universal ID required to download updates).  SSL/TLS support in WebSEAL is through GSKit.

Once the update is applied, TLS Renegotiation will not work.  For most client connections, disabling TLS Renegotiation will not have an impact but stay tuned because later today I'll be publishing a post that details the types of connections that I think will be impacted (and problems that we'll see) when TLS Renegotiation is disabled.

Yes, I understand that this is a flaw in the TLS protocol itself and will take time to fix but I'm afraid that these interim fixes will cause me more production problems than those that will be averted.


TrackBack URL for this entry:

Listed below are links to weblogs that reference Disabling TLS Renegotiation in WebSEAL: