A fix for SSL’s potentially serious vulnerability have been decided.
The new protocol would prevent attackers to inject malicious payloads between two endpoints via encrypted traffic that passes between them.
It is a longer-term fix and would not put SSL sessions at risk.
“Now that the standard is final, people will need to go back to polish up their implementations and make sure they conform exactly to the standard so they function well. There’s still quite a bit of work to be done,” said the chief technology officer of PhoneFactor.
Source: The Register