TLS renegotiation MITM

Steve Dispensa dispensa at
Fri Nov 6 16:30:44 CET 2009

Glad to. What's the best git tree? I thought I had the right one based  
on the site.



On Nov 6, 2009, at 5:36 AM, "Simon Josefsson" <simon at>  

> Steve Dispensa <dispensa at> writes:
>> Hi,
>> A colleague and I have released details of a new attack against TLS  
>> in the
>> area of renegotiation. Information is here:
>> During the process of running this bug (and its proposed solution) to
>> ground, I implemented a patch to GNUTLS, attached. There are also  
>> two new
>> files that implement the extension that solves the problem.
>> There is lots of background in the above link, but the one missing  
>> part is
>> the Internet Draft that has been tentatively agreed on by most of  
>> the major
>> vendors (pending IETF action, of course). That draft is what I have
>> implemented, and you should see it posted to the TLS IETF list  
>> tomorrow
>> morning.
>> I'd be happy to help in any way I can.
> What GnuTLS version is your patch for?  We haven't used a
> file in a long time.  Would you mind reworking it for GnuTLS 2.8.x
> and/or 2.9.x?  Those are the latest stable and experimental branches.
> Once the copyright paper issue has been resolved, we could integrate  
> it.
> /Simon

More information about the Gnutls-devel mailing list