EldoS | Feel safer!

Software components for data protection, secure storage and transfer

Version 7.2

Also by EldoS: CallbackProcess
A component to control process creation and termination in Windows and .NET applications.
Posted: 11/18/2009 13:37:19
by Eugene Mayevski (EldoS Corp.)

We decided to postpone release of version 7.2 of SecureBlackbox in order to let the users better counteract the newly discovered flaw in TLS protocol. While SecureBlackbox itself doesn't require a fix, we want to add better support for those users, who want to ensure that their software is not affected.

Technical details:

Most problems come not from the protocol itself, but the way it's used (and misused) by the server software. Many of you probably read that the issue comes from renegotiation initiated by the servers in order to authenticate the client. The renegotiation is initiated not by the protocol implementation, but by the software (in SecureBlackbox you need to explicitly call RenegotiateCiphers method to initiate renegotiation). However, even when you don't use renegotiation, but the server you are connecting to, does, there's still a problem.

The technical working group, which was organized in September (we were not invited), has offered an extension that would let the applications (when both sides of the communication support this extension) counteract the attack. We decided to implement this extension as soon as possibly and include it to 7.2 release. Unfortunately we only came across this information today, and this caused the delay. I hope to make the release available on Friday.

Sincerely yours
Eugene Mayevski
Posted: 11/20/2009 14:23:25
by Eugene Mayevski (EldoS Corp.)

Version 7.2 release is available on the download page.

Sincerely yours
Eugene Mayevski



Topic viewed 845 times

Number of guests: 1, registered members: 0, in total hidden: 0


Back to top

As of July 15, 2016 EldoS Corporation will operate as a division of /n software inc. For more information, please read the announcement.

Got it!