search for: regenoti

...re completely independent. This allows an attack as follows: a MITM intercepts a connection from a real client. It then connects to the target server itself and negotiates a SSL/TLS connection. The MITM may then inject some data of its choice (say, the start of a HTTP request) before it initiates a regenotiation with the server and proxies the real client's negotiation to the server. The real client thinks it is negotiating for the first time, but the real server thinks the client is renegotiating. Once the negotiation is complete, thereal client and server continue the connection (proxied via the...