Oracle iPlanet Web Server 7.0.9 Release Notes

Resolution of SSL/TLS Vulnerability CVE-2009-3555

Web Server 7.0 Update 7 included NSS 3.12.5, which provided relief, but not resolution, for the SSL/TLS renegotiation vulnerability CVE-2009-3555. Additionally, Web Server 7.0 Update 7 disabled all use of SSL/TLS renegotiation in order to protect Web Server from attack. If either the client or Web Server attempted to trigger renegotiation on an existing SSL/TLS session, the connection would fail.

Web Server 7.0.9 includes NSS 3.12.6, which provides safe SSL/TLS renegotiation and so provides resolution of CVE-2009-3555. As a result, Web Server 7.0.9 re-enables use of SSL/TLS renegotiation.