3155527 - Update to Cipher Suites for FalseStart - Version: 1.0

Posted on Tuesday May 10, 2016

Revision Note: V1.0 (May 10, 2016): Advisory published.
Summary: FalseStart allows the TLS client to send application data before receiving and verifying the server Finished message. This allows an attacker to launch a man-in-the-middle (MiTM) attack to force the TLS client to encrypt the first flight of application_data records using the attacker’s chosen cipher suite from the client’s list. To avoid downgrade attacks, TLS clients only allow FalseStart when their strongest cipher suites are negotiated. Read the bulletin here.

Celebrating 35+ Years

Managed Internet Connections

Contact Us

Support Ends for Windows 10 22H2, Windows Server 2012 R2, Exchange 2013, Office 2016