TLS Renegotiation problem

Daniel Kahn Gillmor dkg at
Mon Nov 9 19:01:23 CET 2009

On 11/09/2009 10:19 AM, Simon Josefsson wrote:
> It is important to understand that you are not vulnerable unless you use
> renegotiation, which is not typical.  If you use renegotiation, perhaps
> to request client certificates in a web server, the simplest "fix" is to
> disable any use of renegotiation.

My understanding is that the published attacks are undetectable from the
client-side without the use of the newly-proposed extension.  So barring
that extension, it seems that that the protective workaround you
describe (disabling renegotiation) needs to be done on the server side.

Is there a way that this can be done generically with GnuTLS (e.g. a
priority string, which could conceivably be passed into gnutls by an
administrator without needing a rebuild), or should the server simply
avoid calling gnutls_handshake() more than once per session?



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20091109/2ac2ef6c/attachment.pgp>

More information about the Gnutls-devel mailing list