Firefox error

Chris Kloiber ckloiber at ckloiber.com
Mon Mar 7 04:16:56 UTC 2011


Sounds to me that Firefox is "protecting" you from this exploit by 
preventing the connection. Perhaps it's being a bit over-protective, and 
should allow you to override it like an expired/self-signed SSL 
Certificate. The actual problem is most likely the scs.fidelity.com web 
server however.

On 03/06/2011 10:25 PM, les wrote:
> I am getting the following error on one of my fidelity pages:
>
>
> scs.fidelity.com : server does not support RFC 5746, see CVE-2009-3555
>
>
> I googled "CVE-2009-3555" which revealed the following:
>
> The TLS protocol, and the SSL protocol 3.0 and possibly earlier, as used
> in Microsoft Internet Information Services (IIS) 7.0, mod_ssl in the
> Apache HTTP Server 2.2.14 and earlier, OpenSSL before 0.9.8l, GnuTLS
> 2.8.5 and earlier, Mozilla Network Security Services (NSS) 3.12.4 and
> earlier, multiple Cisco products, and other products, does not properly
> associate renegotiation handshakes with an existing connection, which
> allows man-in-the-middle attackers to insert data into HTTPS sessions,
> and possibly other types of sessions protected by TLS or SSL, by sending
> an unauthenticated request that is processed retroactively by a server
> in a post-renegotiation context, related to a "plaintext injection"
> attack, aka the "Project Mogul" issue.
>
> In my case this means I have a function that will not load from the
> fidelity website.  And from reading this, maybe a "man in the middle"
> vulnerability.
>
> Does anyone know if this has been fixed?  This would appear to be SSL or
> OS related from the description, so Firefox and Mono or Moonlight
> wouldn't seem to be the correct locations for a bug report, and since it
> is a "known" hazard, the bug must have already been reported.  So my
> question is what should I do to rectify the situation?
> Les H
>


-- 
Chris Kloiber

