TLS Renegotiation problem

Simon Josefsson simon at
Mon Nov 9 16:19:50 CET 2009

As you may have heard, people have found out how to attack TLS as used in
many application protocols.  For more info see:

It is important to understand that you are not vulnerable unless you use
renegotiation, which is not typical.  If you use renegotiation, perhaps
to request client certificates in a web server, the simplest "fix" is to
disable any use of renegotiation.  You don't need to do this if your
application protocol is robust -- for example XMPP/Jabber appears to be
robust against the problem.  HTTPS is not robust.

There is work ongoing to specify a new extension to make TLS
renegotiation safe against this attack, and hopefully GnuTLS will
support it soon.  Patches have been published in but
not yet tested or verified, and the IETF/IANA has not allocated a TLS
extension number for it yet either.
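Added example, not part of Simon's message or of GnuTLS itself: a small Python checker that parses the extension list of a TLS ServerHello and reports whether the server advertised the renegotiation_info extension that the draft discussed above defines. It assumes the extension number 0xff01 that RFC 5746 later assigned (not yet allocated when this message was written); the ServerHello bytes are constructed here, not captured from a real server.

```python
import struct

# Extension type later assigned to renegotiation_info by RFC 5746 (assumption
# relative to this message, which predates the allocation).
RENEGOTIATION_INFO = 0xFF01


def parse_server_hello_extensions(body: bytes) -> dict:
    """Return {extension_type: extension_data} for a ServerHello body
    (the bytes after the 4-byte handshake header)."""
    off = 2 + 32                       # server_version + random
    sid_len = body[off]
    off += 1 + sid_len                 # session_id
    off += 2 + 1                       # cipher_suite + compression_method
    exts = {}
    if off >= len(body):               # old server: no extensions block at all
        return exts
    (ext_len,) = struct.unpack("!H", body[off:off + 2])
    off += 2
    end = off + ext_len
    if end > len(body):
        raise ValueError("extensions length exceeds message")
    while off < end:
        etype, elen = struct.unpack("!HH", body[off:off + 4])
        off += 4
        if off + elen > end:
            raise ValueError("extension data exceeds extensions block")
        exts[etype] = body[off:off + elen]
        off += elen
    return exts


def supports_secure_renegotiation(body: bytes) -> bool:
    """True only if the server sent renegotiation_info carrying an empty
    renegotiated_connection field, as an initial handshake requires."""
    data = parse_server_hello_extensions(body).get(RENEGOTIATION_INFO)
    return data == b"\x00"


def build_server_hello(extensions: list) -> bytes:
    """Constructed sample ServerHello body: TLS 1.0, fixed random, empty
    session id, TLS_RSA_WITH_AES_128_CBC_SHA, null compression."""
    body = b"\x03\x01" + b"\x11" * 32 + b"\x00" + b"\x00\x2f" + b"\x00"
    if extensions:
        ext_bytes = b"".join(struct.pack("!HH", t, len(d)) + d for t, d in extensions)
        body += struct.pack("!H", len(ext_bytes)) + ext_bytes
    return body


SAFE_HELLO = build_server_hello([(RENEGOTIATION_INFO, b"\x00")])  # patched server
LEGACY_HELLO = build_server_hello([])                            # unpatched server
```

A client that sees the legacy form should treat any later renegotiation request from that server as unsafe, which is the "disable renegotiation" advice above applied per connection.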


More information about the Gnutls-devel mailing list