Fabio Pietrosanti (naif)
2010-Sep-22 14:26 UTC
[asterisk-users] TLS re-negotiation attack on SIP/TLS of Asterisk?
Hi all, i read about the TLS-RENEGOTIATION vulnerability: http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html http://www.sslshopper.com/article-ssl-and-tls-renegotiation-vulnerability-discovered.html www.phonefactor.com/sslgapdocs/Renegotiating_TLS.pdf Does the Asterisk 1.6/1.8 SIP/TLS implementation suffer from the TLS Renegotiation vulnerability or the TLS-renegotiation it's disabled by default, in how OpenSSL is used? Fabio Pietrosanti