Another Protocol Bites The Dust
SSL renegotiation is now considered harmful. The author of the linked post has proven that undetectable man-in-the-middle attacks are possible in SSL, and has added a patch to OpenSSL to disallow renegotiation (thus solving the problem).
Hopefully vendors jump on this one very quickly.