Reference Guide
RSA BSAFE SSL-J 6.2.6 Security Best Practices Guide
SSL/TLS Communications
This section describes potential vulnerabilities with regard to SSL and TLS
communications, the SSL-J configuration options available to protect against
these vulnerabilities, and some general SSL and TLS recommendations.
The potential vulnerabilities include:
• SSL/TLS Renegotiation Denial of Service Exploit
• Sweet32: Birthday Attack
• Logjam Vulnerability
• Poodle Attack
• SLOTH Attack
• Triple Handshake Vulnerability
• Lucky Thirteen Attack
• BEAST Exploit
SSL/TLS Renegotiation Denial of Service Exploit
An application that does not properly restrict client-initiated renegotiation within the
SSL and TLS protocols would be vulnerable to a denial of service, based on CPU
consumption, from remote attackers performing many renegotiations within a single
connection.
For more information about this vulnerability, see CVE-2011-1473.
How to Help Prevent the Attack in SSL-J
SSL-J includes a patch that tracks the number of renegotiations initiated on
each SSL/TLS connection and ensures that the server sets limits on
renegotiation requests.
Note: This patch is only applicable on the server side.
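The per-connection counting described above can be illustrated with the standard JSSE listener API. This is an added example, not SSL-J's patch or its configuration interface. The class name RenegotiationLimiter, its methods and the limit value are hypothetical.

```java
import java.io.IOException;
import java.util.concurrent.atomic.AtomicInteger;
import javax.net.ssl.HandshakeCompletedEvent;
import javax.net.ssl.HandshakeCompletedListener;
import javax.net.ssl.SSLSocket;

/**
 * Added example (hypothetical class, standard JSSE API only): caps the number
 * of renegotiations a single server-side connection may complete.
 */
public final class RenegotiationLimiter implements HandshakeCompletedListener {
    private final int maxRenegotiations;   // assumed policy value chosen by the server
    private final AtomicInteger handshakes = new AtomicInteger();

    public RenegotiationLimiter(int maxRenegotiations) {
        if (maxRenegotiations < 0) {
            throw new IllegalArgumentException("maxRenegotiations must be >= 0");
        }
        this.maxRenegotiations = maxRenegotiations;
    }

    /** Attach to a socket returned by SSLServerSocket.accept(), before any I/O. */
    public static void protect(SSLSocket accepted, int maxRenegotiations) {
        accepted.addHandshakeCompletedListener(new RenegotiationLimiter(maxRenegotiations));
    }

    /** Policy check: handshake #1 is the initial one, the rest are renegotiations. */
    static boolean exceedsLimit(int completedHandshakes, int maxRenegotiations) {
        return completedHandshakes - 1 > maxRenegotiations;
    }

    @Override
    public void handshakeCompleted(HandshakeCompletedEvent event) {
        // One listener instance per socket, so this counter is per connection.
        int completed = handshakes.incrementAndGet();
        if (!exceedsLimit(completed, maxRenegotiations)) {
            return;
        }
        SSLSocket socket = event.getSocket();
        try {
            // Dropping the connection stops further handshake work for this peer.
            socket.close();
        } catch (IOException ignored) {
            // The socket is being discarded; nothing further to clean up.
        }
    }
}
```

The listener fires after a handshake has completed, so it bounds the cumulative handshake cost per connection rather than preventing the first excess handshake. It applies to SSLSocket-based servers only, since SSLEngine does not use HandshakeCompletedListener.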