Tuesday, 27 September 2011

Microsoft Releases a TLS 1.1 Fix Tool for Windows

Microsoft has released a security advisory relating to the SSL/TLS vulnerability previously discussed.   Included in the advisory are a workaround and a tool that can implement a fix on Windows 7 and Windows Server 2008 R2 systems.

If you're using a version of Windows prior to version 7 or Server 2008 R2, your system doesn't even support TLS 1.1.   Your only hope is that server admins fix the SSL/TLS problem on their web servers.

Interestingly enough, the RC4 cipher suite is unaffected.   Only encryption based on CBC (cipher block chaining) is affected.   RC4 is a streaming cipher, which is not affected.

1 comment:

  1. [...] been doing quite a bit of research into the BEAST (Browser Exploit Against SSL/TLS) vulnerability that security researchers Juliano [...]

    ReplyDelete