TLS Renegotiation Test
November 28th, 2009 by Nasko
The new TLS/SSL man-in-the-middle (MiTM) attack targets the renegotiation part of the protocol. There are two variations of the renegotiation – client initiated and server initiated. This tool allows you to test any web server (input as server:port) for client initiated renegotiation support, as server initiated renegotiation depends on specific server configuration. As currently there is no fix other than disabling renegotiation, this will pretty much tell you whether the server is vulnerable or not to this type of renegotiation attack
Tags: man-in-the-middle, MiTM, renegotiation, SSL, TLS, TLS1.1, TLS1.2, vulnerability
November 30th, 2009 at 08:07
[...] This post was mentioned on Twitter by PhoneFactor, Marsh Ray. Marsh Ray said: RT @naskooskov TLS client initiated renegotiation test http://netsekure.org/2009/11/tls-renegotiation-test/ [...]
November 30th, 2009 at 13:21
[...] has set up a nice test for client-initiated renegotiation on his blog. This is probably the most pervasive, and simplest to exploit, form of the SSL/TLS [...]
December 13th, 2009 at 04:27
[...] Test Here: TLS Renegotiation Test | netsekure rng [...]