TLS Renegotiation problem

Daniel Kahn Gillmor dkg at fifthhorseman.net
Mon Nov 9 19:01:23 CET 2009


On 11/09/2009 10:19 AM, Simon Josefsson wrote:
> It is important to understand that you are not vulnerable unless you use
> renegotiation, which is not typical.  If you use renegotiation, perhaps
> to request client certificates in a web server, the simplest "fix" is to
> disable any use of renegotiation.

My understanding is that the published attacks are undetectable from the
client-side without the use of the newly-proposed extension.  So barring
that extension, it seems that the protective workaround you
describe (disabling renegotiation) needs to be done on the server side.

Is there a way that this can be done generically with GnuTLS (e.g. a
priority string, which could conceivably be passed into gnutls by an
administrator without needing a rebuild), or should the server simply
avoid calling gnutls_handshake() more than once per session?

Regards,

	--dkg

