The IETF has announced a fix for a potentially serious SSL vulnerability.

"The final draft updates the industry-wide specifications for SSL, which is also referred to as TLS, or transport layer security," writes The Register's Dan Goodin. "Now that the Internet Engineering Task Force has approved it for publishing as a formal standard, it will update RFC 5246, the most recent request for comments that maps out the current SSL protocol."

"The new protocol overhauls the way SSL-enabled software renegotiates encrypted sessions so it's no longer possible for attackers to inject malicious payloads into encrypted traffic passing between two endpoints," Goodin writes.

Click here to read the story at The Register.