000011802 - Remedy the SSLv3 and TLS renegotiation vulnerability CVE-2009-3555 for RCM and RRM

Document created by RSA Customer Support Employee on Jun 14, 2016
Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2

Article Content

Article Number: 000011802
Applies To: RSA Certificate Manager 6.8
RSA Registration Manager 6.8
Sun Solaris 2.9
Issue

Remedy the SSLv3 and TLS renegotiation vulnerability CVE-2009-3555 for RCM and RRM


The SSLv3 and TLS protocols are affected by a session renegotiation vulnerability in SSL authentication.

Prior to build520, Certificate Manager supported the SSLC library 2.3.3. RSA Certificate Manager 6.8 build520 supports SSLC library version 2.8.5.1.


SSLC 2.8.5.1 adds the "Transport Layer Security (TLS) Renegotiation Indication Extension" (RFC 5746), which addresses the SSLv3 and TLS renegotiation vulnerability (CVE-2009-3555).

Resolution

This problem is fixed in RSA Certificate Manager 6.8 build520 and RSA Registration Manager 6.8 build520.

Legacy Article ID: a55027
