IETF Fix For SSL Protocol Complete
Marsh Ray, a senior software development engineer for PhoneFactor who first discovered the SSL bug in August, says the IETF's extension to SSL, which is the Transport Layer Security (TLS) protocol in IETF parlance, secures the renegotiation process.
"This is a short extension to the handshake protocol of TLS," Ray says. "Some identifiers from the previous session are carried over to the handshake in the subsequent session."
The link for this article located at Dark Reading is no longer available.