Discussions
Stay up-to-date with the latest news from NetSuite. You’ll be in the know about how to connect with peers and take your business to new heights at our virtual, in-person, on demand events, and much more.
Now is the time to ask your NetSuite-savvy friends and colleagues to join the NetSuite Support Community! Refer now! Click here to watch and learn more!
Update your Profile with your Support type to get your Support Type badge.
Expand your NetSuite knowledge by joining our Ask A Guru Live sessions. RSVP on this event now.
Nominate Your Peers for NetSuite Support Community's Choice of the Quarter! Submit your nomination today.
No Limits. Just possibilities.
Join us for complimentary one-day events around the world and step into a future fueled by AI and limitless potential. Explore new breakthroughs, sharpen your skills, and connect with experts who are shaping what’s next. Experience bold keynotes, interactive learning, and connections that span the global NetSuite community. Discover what's next at SuiteConnect Tour 2026.
NetSuite launches new wholesale distributions solution in Japan in January 2026!

NetSuite has launched SuiteSuccess Wholesale Distribution Edition, in Japan. Please join us the webinar on February 12 that introduces NetSuite solution with demos and case studies for Wholesale Industry.

Register Now
NetSuite 2026.1 Release Notes - This document summarizes the changes to NetSuite between 2026.1 and the previous release.

Have questions or experiences to share? Post your Release 2026.1 questions and join discussions in the Release 2026.1 category.

Security Metrics Scan Failed

edited Nov 28, 2012 7:16PM in Web Site / E-Commerce 1 comment

We just had our quarterly scan by Security Metrics fail with the following reasons:

TCP  443  https  5.8 
Description: SSL / TLS Renegotiation Handshakes MiTM Plaintext Data Injection Synoposis: The remote service allows insecure renegotiation of TLS / SSL connections. Impact: The remote service encrypts traffic using TLS / SSL but allows a client to insecurely renegotiate the connection after the initial handshake. An unauthenticated, remote attacker may be able to leverage this issue to inject an arbitrary amount of plaintext into the beginning of the application protocol stream, which could facilitate man-in-the-middle attacks if the service assumes that the sessions before and after renegotiation are from the same 'client' and merges them at the application layer. See

Howdy, Stranger!

Log In

To view full details, sign in.

Register

Don't have an account? Click here to get started!

Leaderboard

Community Whiz

Quarter 1 (Jan-Mar 2026)

This Week's Leaders

This Month's Leaders

All Time Leaders