09-05-2013 06:23 AM - edited 03-11-2019 07:34 PM
Hi Team,
We are trying to scan the ASA firewall and getting the below error. Is there any way to resolve this issue? Please sugget.
We did a security scan of Internal firewall and found one issue - "TLS
Session Renegotiation Vulnerability"
The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does
not properly associate renegotiation handshakes with an existing
connection, which allows man-in-the-middle attackers to insert data into
HTTPS sessions, and possibly other types of sessions protected by TLS or
SSL, by sending an unauthenticated request that is processed
retroactively by a server in a post-renegotiation context, related to a
"plaintext injection" attack
09-06-2013 06:08 AM
It would be easier to search for a solution if theres a CVE ID available.
Perhaps it's solved with Interim 9.1.2?
Michael
Please rate all helpful posts
10-24-2018 08:44 AM
I believe the CVE is CVE-2009-3555
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide