TLS Renegotiation problem

Tomas Hoger thoger at redhat.com
Tue Nov 10 14:22:16 CET 2009


On Tue, Nov 10, 2009 at 12:29:04PM +0100, Simon Josefsson wrote:
> If the servers are linked with OpenSSL I don't know if they are
> vulnerable or not, it would depend on whether OpenSSL perform
> renegotiation without application interaction.

OpenSSL and NSS both do renegotiation transparently for application.

> I think we now have some evidence to suggest GnuTLS needn't do anything
> about this.  It seems any use of rehandshake with GnuTLS is
> application-specific and then the answer is probably to fix that
> application instead of GnuTLS.

Is that meant as meant as "no change needed" or "no urgent temporary hotfix
needed"?  Is the implementation of the proposed extension still the
long-term plan, so that apps needing rehandshakes can do them safely?

Thanks!

th.






More information about the Gnutls-devel mailing list