Topic: [SOLVED] Secure renegotiation is not secure?
I'm reading "CyaSSL Secure Renegotiation, Documentation and Users Guide, October 13th, 2014, version 3.2.2"
It says "CyaSSL now supports client side Secure Renegotiation. wolfSSL strongly discourages the use of Secure Renegotiation because of attacks that can exploit the lack of secret binding inherit in renegotiation."
Wasn't secure renegotiation in rfc5746 to fix what you're describing? Is there some other attack that makes it no longer secure, and can you please explain. Thanks