Understanding Problems with MS10-049, KB 980436 and IETF RFC5746http://blogs.msdn.com/b/jpsanders/archive/2010/09/08/understanding-problems-with-ms10-049-kb-980436-and-ietf-rfc5746.aspxUnderstanding Problems with MS10-049, KB 980436 and IETF RFC5746 Microsoft released a Security update MS10-049: Vulnerabilities in SChannel could allow remote code execution. This update patches vulnerabilities in SChannel (TLS) that can be exploiteden-USTelligent Evolution Platform Developer Build (Build: 5.6.50428.7875)re: Understanding Problems with MS10-049, KB 980436 and IETF RFC5746http://blogs.msdn.com/b/jpsanders/archive/2010/09/08/understanding-problems-with-ms10-049-kb-980436-and-ietf-rfc5746.aspx#10355251Tue, 02 Oct 2012 19:38:14 GMT91d46819-8472-40ad-a661-2c78acb4018c:10355251Jeff Sanders<p>Hi Dan,</p> <p>This article should be fairly complete however you can certainly open a support case to discuss this further.</p> <p><a rel="nofollow" target="_new" href="http://support.microsoft.com/oas">support.microsoft.com/oas</a></p> <p>-Jeff</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10355251" width="1" height="1">re: Understanding Problems with MS10-049, KB 980436 and IETF RFC5746http://blogs.msdn.com/b/jpsanders/archive/2010/09/08/understanding-problems-with-ms10-049-kb-980436-and-ietf-rfc5746.aspx#10355245Tue, 02 Oct 2012 19:14:47 GMT91d46819-8472-40ad-a661-2c78acb4018c:10355245Dan Martin<p>It looks like we are bumping into this issue as well.</p> <p>JPSanders, is there any way that we can discuss this further via PM? &nbsp;My team has several questions regarding the behavior of this patch and how we can work around the issues we are seeing.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10355245" width="1" height="1">re: Understanding Problems with MS10-049, KB 980436 and IETF RFC5746http://blogs.msdn.com/b/jpsanders/archive/2010/09/08/understanding-problems-with-ms10-049-kb-980436-and-ietf-rfc5746.aspx#10086030Thu, 04 Nov 2010 11:39:33 GMT91d46819-8472-40ad-a661-2c78acb4018c:10086030Jeff Sanders<p>That server is built on open source I believe. &nbsp;The problem would be with the openSSL library. &nbsp;He can build get the openSSL library himself and rebuild the code for the server. &nbsp;He can also request a fix from the vendor. &nbsp;Every client that calls the server could also be patched as an alternative. &nbsp;Obviously patching every client is not a great idea gut it is possible.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10086030" width="1" height="1">re: Understanding Problems with MS10-049, KB 980436 and IETF RFC5746http://blogs.msdn.com/b/jpsanders/archive/2010/09/08/understanding-problems-with-ms10-049-kb-980436-and-ietf-rfc5746.aspx#10085856Thu, 04 Nov 2010 02:37:53 GMT91d46819-8472-40ad-a661-2c78acb4018c:10085856Asher T<p>I&#39;ve got a customer who&#39;s using webMethods Integration Server and he&#39;s facing this issue as well. Does he need to request a patch for webMethods? Also does your workaround need to be done at client side? It&#39;s a Win2k3 x86 Server SP3 for the server but client side could be any desktop OS.</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10085856" width="1" height="1">re: Understanding Problems with MS10-049, KB 980436 and IETF RFC5746http://blogs.msdn.com/b/jpsanders/archive/2010/09/08/understanding-problems-with-ms10-049-kb-980436-and-ietf-rfc5746.aspx#10071263Mon, 04 Oct 2010 16:55:25 GMT91d46819-8472-40ad-a661-2c78acb4018c:10071263Jeff Sanders<p>Mike, It should!</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10071263" width="1" height="1">re: Understanding Problems with MS10-049, KB 980436 and IETF RFC5746http://blogs.msdn.com/b/jpsanders/archive/2010/09/08/understanding-problems-with-ms10-049-kb-980436-and-ietf-rfc5746.aspx#10064308Fri, 17 Sep 2010 23:29:35 GMT91d46819-8472-40ad-a661-2c78acb4018c:10064308Mike B<p>Does the UseScsvForTls registry setting work on Windows 2008R2?</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10064308" width="1" height="1">re: Understanding Problems with MS10-049, KB 980436 and IETF RFC5746http://blogs.msdn.com/b/jpsanders/archive/2010/09/08/understanding-problems-with-ms10-049-kb-980436-and-ietf-rfc5746.aspx#10060685Sat, 11 Sep 2010 13:20:03 GMT91d46819-8472-40ad-a661-2c78acb4018c:10060685Alan McF<p>For those who haven&#39;t read the RFC Draft, SCSV stands for &quot;Signalling Cipher Suite Value&quot;:</p> <p> &nbsp; &quot;This SCSV is not a true cipher suite ... instead it has the same semantics as an empty &quot;renegotiation_info&quot; extension, ...</p> <p> &nbsp; (&quot;Because SSLv3 and TLS implementations reliably ignore unknown cipher suites, the SCSV may be safely sent to any server.&quot;)</p> <div style="clear:both;"></div><img src="http://blogs.msdn.com/aggbug.aspx?PostID=10060685" width="1" height="1">