I could be wrong, but I'm pretty sure that 1999 Schneier paper is unrelated. Saying SSL has known plaintext is like saying a car can be stolen because it has wheels.
And the 2009 MITM attack didn't have any thing to do with decrypting traffic.
If both client and server support TLS 1.1, the conversation will use TLS 1.1 and this attack will not work. This vulnerability demonstration will probably prompt websites such as PayPal to consider adding TLS 1.1 support.
If you host a website using IIS on Windows Server 2008 R2, you can enable TLS 1.1 server-side as an option for customers that have enabled it client side. That regkey is
It's important to be clear that this is a man-in-the-middle attack — it only works when the attacker is on your network and can see the traffic going between your computer and the website.
And the 2009 MITM attack didn't have any thing to do with decrypting traffic.