It’s been a while since I last checked any news or used a computer. I was away for more than a month spending time with our new baby daughter and almost completely disconnected from the tubes of the net.
Now that I’m back, I wanted to point to a patch from Microsoft that allows admins to disable TLS renegotiation on both the client and the server side. The security advisory is 977377 and MSRC has published a blog post with a bit more details.
The new RFC that will outline the changes needed to the TLS protocol to fix the problem is almost there and should be out “real soon now”.