We have fixed CVE-2009-3555 by disabling client-side renegotiation in our updated Apache packages here:
http://www.ubuntulinux.org/usn/USN-860-1
Unfortunately, Firefox gives this warning when it detects the server doesn't support the new renegotiation protocol, RFC 5746, even if CVE-2009-3555 is no longer a threat. In this sense, it is a false alert, as noted by some in the upstream Mozilla bug report:
https://bugzilla.mozilla.org/show_bug.cgi?id=554594
We will be publishing updated openssl packages in the future that support RFC5746, so this problem can be ignored for now, and will go away completely eventually.
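
The distinction drawn above, as an added example that is not part of the original comment and is not Ubuntu's or Mozilla's code: a server announces RFC 5746 support by sending the `renegotiation_info` extension (type 0xff01) in its ServerHello, so a server that only disables renegotiation sends nothing a client can see. The function names and both sample records are constructed for illustration.

```python
import struct

RENEGOTIATION_INFO = 0xFF01  # extension type assigned by RFC 5746

def server_hello_extensions(record: bytes) -> dict:
    """Return {extension_type: data} from one TLS record holding a ServerHello."""
    # Record header: type(1)=22 handshake, version(2), length(2);
    # handshake header: msg_type(1)=2 ServerHello, length(3).
    if len(record) < 9 or record[0] != 22 or record[5] != 2:
        raise ValueError("not a handshake record carrying a ServerHello")
    hs_len = int.from_bytes(record[6:9], "big")
    msg = record[9:9 + hs_len]
    if len(msg) != hs_len or hs_len < 38:
        raise ValueError("truncated ServerHello")
    pos = 2 + 32                 # server_version + random
    pos += 1 + msg[pos]          # session_id length byte + session_id
    pos += 2 + 1                 # cipher_suite + compression_method
    exts = {}
    if pos == len(msg):          # no extensions block at all
        return exts
    if pos + 2 > len(msg):
        raise ValueError("malformed ServerHello")
    (total,) = struct.unpack_from("!H", msg, pos)
    pos += 2
    end = pos + total
    if end != len(msg):
        raise ValueError("extensions length does not match message length")
    while pos + 4 <= end:
        etype, elen = struct.unpack_from("!HH", msg, pos)
        pos += 4
        exts[etype] = msg[pos:pos + elen]
        pos += elen
    return exts

def supports_rfc5746(record: bytes) -> bool:
    """True if the ServerHello carries renegotiation_info."""
    return RENEGOTIATION_INFO in server_hello_extensions(record)

def build_server_hello(extensions: bytes) -> bytes:
    """Constructed sample: TLS 1.0 ServerHello, zero random, empty session_id."""
    msg = b"\x03\x01" + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        msg += struct.pack("!H", len(extensions)) + extensions
    hs = b"\x02" + len(msg).to_bytes(3, "big") + msg
    return struct.pack("!BHH", 22, 0x0301, len(hs)) + hs

# Constructed: server with renegotiation disabled but no RFC 5746 support.
MITIGATED_ONLY = build_server_hello(b"")
# Constructed: initial handshake with an empty renegotiated_connection field.
RFC5746_SERVER = build_server_hello(bytes.fromhex("ff01000100"))
```

Both sample servers could be safe from CVE-2009-3555, but only the second one lets a client confirm that from the handshake.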