"The precise effects of the problem are not discussed in the
reports. It would, however, appear to be possible to manipulate
HTML content from websites during data transfer and, for example,
inject malicious code.
"The crux of the problem is, rather than a flawed
implementation, a design flaw in the TLS protocol when
renegotiating parameters for an existing TLS connection. This
occurs when, for example, a client wants to access a secure area on
a web server which requires the requesting client certificates.
When the server establishes that is the case, it begins a
renegotiation to obtain the appropriate client certificate. The
original request gets replayed during this renegotiation as if it
had been authenticated by the client certificate, but it has not.
The discoverer of the problem describes this as an "authentication
Some of the products that appear on this site are from companies from which QuinStreet receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. QuinStreet does not include all companies or all types of products available in the marketplace.