TLS and SSL Man-In-The-Middle Vulnerability

The recent disclosure of a flaw in the TLS protocol specification and the majority of its implementations has spawned wide ranging debate on the seriousness of the vulnerability. Experts weighing in on all sides have deemed this flaw either earthshaking or inconsequential, that it poses either little risk to enterprises or is potentially devastating. This report presents the current state of our research as well as our understanding of the risks posed by the TLS Renegotiation Flaw, its ramifications for enterprise users, and steps that can be taken to mitigate its risk during the current window of vulnerability. PDF Link