Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Step-by-Step Configuration and Troubleshooting Best Practices for the NGFW, NGIPS and AMP Technologies A Visual Guide to the Cisco Firepower Threat Defense (FTD)
Community Member

TLS Session Renegotiation Vulnerability

Hi Team,

We are trying to scan the ASA firewall and getting the below error. Is there any way to resolve this issue? Please sugget.

We did a security scan of Internal firewall and found one issue - "TLS

Session Renegotiation Vulnerability"


The TLS protocol, and the SSL protocol 3.0 and possibly earlier, does

not properly associate renegotiation handshakes with an existing

connection, which allows man-in-the-middle attackers to insert data into

HTTPS sessions, and possibly other types of sessions protected by TLS or

SSL, by sending an unauthenticated request that is processed

retroactively by a server in a post-renegotiation context, related to a

"plaintext injection" attack

1 REPLY

TLS Session Renegotiation Vulnerability

It would be easier to search for a solution if theres a CVE ID available.

Perhaps it's solved with Interim 9.1.2?

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
417
Views
0
Helpful
1
Replies
CreatePlease to create content