As of 2016 few servers still seems to be vulnerable to CVE-2009-3555.
I currently test it with (Mozilla Firefox)[https://wiki.mozilla.org/Security:Renegotiation] with security.ssl.require_safe_negotiation = true & security.ssl.treat_unsafe_negotiation_as_broken = true.
Latest example is akamaihd.
As of 2016 few servers still seems to be vulnerable to CVE-2009-3555. I currently test it with (Mozilla Firefox)[https://wiki.mozilla.org/Security:Renegotiation] with security.ssl.require_safe_negotiation = true & security.ssl.treat_unsafe_negotiation_as_broken = true. Latest example is akamaihd.