[Freeswitch-users] TLS re-negotiation attack on SIP/TLS of FreeSWITCH?

Brian West brian at freeswitch.org
Wed Sep 22 07:55:28 PDT 2010


Please direct your question to the sofia-users list also.
/b


On Sep 22, 2010, at 9:45 AM, Fabio Pietrosanti (naif) wrote:

> There is a nice thread related to Apache ad OpenSSL plenty of nice tech
> information on how it's fixed in Apache starting from a certain OpenSSL
> version:
> http://www.mail-archive.com/dev@httpd.apache.org/msg46216.html
> 
> Additionally there was a very quick OpenSSL fix when in 2009 the
> vulnerability was discovered:
> http://www.links.org/files/no-renegotiation-2.patch
> 
> They could be good hint to have a look and be sure that TLS just does
> not do TLS re-negotiation (the fix it's to just disable TLS re-negotiation).
> 
> Ah! Regarding the certificate check:
> - With SNOM Firmware 8 and with PrivateGSM Enterprise (i will release
> early october for Nokia/iPhone/Blackberry on http://www.privatewave.com)
> there's a forced server-side certificate check to enforce the SIP/TLS
> security checking.
> 
> However the TLS re-negotiation issue it's a different story.
> 
> Fabio




More information about the FreeSWITCH-users mailing list