[Freeswitch-users] TLS re-negotiation attack on SIP/TLS of FreeSWITCH?
brian at freeswitch.org
Wed Sep 22 07:55:28 PDT 2010
Please direct your question to the sofia-users list also.
On Sep 22, 2010, at 9:45 AM, Fabio Pietrosanti (naif) wrote:
> There is a nice thread related to Apache ad OpenSSL plenty of nice tech
> information on how it's fixed in Apache starting from a certain OpenSSL
> Additionally there was a very quick OpenSSL fix when in 2009 the
> vulnerability was discovered:
> They could be good hint to have a look and be sure that TLS just does
> not do TLS re-negotiation (the fix it's to just disable TLS re-negotiation).
> Ah! Regarding the certificate check:
> - With SNOM Firmware 8 and with PrivateGSM Enterprise (i will release
> early october for Nokia/iPhone/Blackberry on http://www.privatewave.com)
> there's a forced server-side certificate check to enforce the SIP/TLS
> security checking.
> However the TLS re-negotiation issue it's a different story.
More information about the FreeSWITCH-users