TLS Renegotiation MITM Vulnerability is Fully Fixed in Java SE

It's time to upgrade your Java Runtime Environment to JRE 6 update 22, JRE 5.0 update 26, or JRE 1.4.2 update 28 at least , or the latest updates. Sooner, rather than later!

Java SE has implemented RFC 5746, and fully fixed the TLS renegotiation MITM vulnerability from JDK 7 and above update release.

Most of the SSL/TLS implementation vendors have already fixed the vulnerability in their product lines. Unfortunately, many famous commercial sites on the Web have not yet upgraded their software, according to the last report (by the edit time of this paper, it is Fri, Jul. 01, 2011) , Potential Vulnerability status of major ecommerce sites.

If your site is in list of the above report, it is exposed to public that the site is unsafe. Your site in the risk of attack. Why not take action, right now?

Popular posts from this blog

Java™ SE 7 Release Security Enhancements - Weak Cryptography Control

JSSE Oracle Provider Preference of TLS Cipher Suites

JEP 114: TLS SNI Extension - Virtual Servers Dispatcher