TLS Renegotiation problem

Steve Dispensa dispensa at
Tue Nov 10 15:08:00 CET 2009

On 11/10/09 7:22 AM, "Tomas Hoger" <thoger at> wrote:
>> I think we now have some evidence to suggest GnuTLS needn't do anything
>> about this.  It seems any use of rehandshake with GnuTLS is
>> application-specific and then the answer is probably to fix that
>> application instead of GnuTLS.
> Is that meant as meant as "no change needed" or "no urgent temporary hotfix
> needed"?  Is the implementation of the proposed extension still the
> long-term plan, so that apps needing rehandshakes can do them safely?

[sorry if I'm late to the game; we had a baby a few days ago and I'm sadly
behind on e-mail and most other things.]

I agree with Tomas. When I wrote up the patch, I noticed that there were a
few impediments to doing renegotiation at all in the way things are
currently implemented (unless I misunderstood, which I always quite
possible). Still, at some point, someone is going to really need the feature
(or decide that the implementation is incomplete without perfect support for
it), and once that happens, the bug will magically appear unless the TLS
extension I supported.

There's also a good reason to support the extension from an interop
standpoint - servers will want to detect patched clients in the (near?)
future, so sending the extension along will be helpful.


More information about the Gnutls-devel mailing list