safe renegotiation

Simon Josefsson simon at
Thu Apr 29 10:16:07 CEST 2010

I've tested the safe renegotiation stuff a bit more, and I believe we
could tweak the defaults to make them slightly more secure: let
%SAFE_RENEGOTIATION be the default for servers.

This means that servers will refuse to RE-negotiate against clients that
does not support the extension.

We surveyed GnuTLS server applications earlier, and found that none of
them (except one) supported TLS renegotiation at all.  The impact of
this change should be minimal.

The odd package is mod_gnutls for Apache, but it exposes a priority
string interface to the administrator, thus allowing them to override
the behaviour easily -- however we should recommend that they don't,
because it is really insecure.

Thoughts?  Objections?


More information about the Gnutls-devel mailing list