Renegotiating TLS
There has been a great deal of chatter in the news, blogs and the IETF TLS working group about a recently discovered man-in-the-middle attack against the TLS protocol. ICSA Labs is aware of this attack and is evaluating whether it affects our certified products. A couple of documents below describe the attack. We are discussing this issue with our consortium vendors.
Secure Sockets Layer - Transport Layer Security (SSL-TLS) technology is an important component of a comprehensive enterprise security strategy. SSL-TLS is a widely used protocol for secure network communications, and products in a number of diverse markets use implementations of it. Originally designed as a way to secure browsing of the Web, SSL-TLS implementations are now used in VPNs, Business Transaction Servers, Application Servers, and other core business functions. Our goal is to develop a certification testing program that will give buyers of these products the assurance that only a reputable independent third-party testing facility like ICSA Labs can provide. That is, a standards-based program with publicly vetted and posted criteria, against which all products are tested.
Interested in being tested? Interested in joining the SSL-TLS Product Developers Consortium? SSL developers should contact ICSA Labs Secure Communications Program Manager, Guy Snyder, via e-mail or phone at 717.790.8142.