Santa Ana, CA, Nov. 9, 2009 - CAI Networks has announced new WebMux firmware that stops MITM attacks on HTTPS
web servers.
On November 5, 2009, Marsh Ray and Steve Dispensa publicly disclosed the possibility of MITM (man-in-the-middle)
attacks on web servers using the HTTPS/TLS protocol. On the same day, OpenSSL.org published a fix for their OpenSSL software.
CAI Networks, Inc. immediately worked out a solution for its customers. New firmware has been made available immediately
to all current customers to address this issue.
SSL and TLS are a critical part of all business transactions. Any web site using encryption is affected by this SSL/TLS
vulnerability. Under certain conditions, HTTP servers, both IIS and Apache, will replay an arbitrary prefix inserted by
the man in the middle in the new authentication context. If the attacker can cause the server to renegotiate its SSL session, the
attacker will be able to substitute the real client information with faked data, while both the client and the server still
believe their communication is secure.
There is no easy way to fix this bug on the server if the server hosts more than one cipher. CAI Networks, Inc.'s
fix is based on the fix from OpenSSL. It disables SSL renegotiation and lets WebMux terminate the SSL traffic and
send only clear traffic to the HTTP servers. A WebMux running firmware with this SSL patch
will stop SSL renegotiation. If that is not the desired behavior, we can load the firmware without this
fix instead. Each WebMux allows up to 32 certificates to be used for 32 totally different domains. OpenSSL is currently
working on a TLS extension. We will keep our firmware updated with all the new changes and extensions accordingly.
WebMux's security update is in all new WebMux units currently shipping. It is also available as a firmware update to customers with
a WebMux under warranty and support contract. Customers with out-of-warranty units can have their
firmware updated for a fee.
About CAI Networks, Inc.
Founded in 1987, CAI Networks (www.cainetworks.com) specializes in Internet appliances and Internet
server reliability solutions and is a leading provider of IP load balancers. CAI has its engineering
and sales offices in Southern California. WebMux is installed worldwide by businesses, government
agencies, and ISPs to maintain the reliability and availability of websites, portals, and web-based
applications. CAI Networks is a member of the Microsoft and Oracle partner networks.
Trademarks
CAI, DnsMux, and WebMux are trademarks of CAI Networks, Inc. Oracle is a registered trademark of Oracle and/or its affiliates.
For more information, please contact:
CAI Networks, Inc.
+1-714-550-0901
Copyright © 2009 CAI Networks, Inc.