Another renegotiation patch

Tomas Hoger thoger at
Thu Feb 18 15:04:55 CET 2010

On Thu, 18 Feb 2010 13:32:30 +0100 Simon Josefsson
<simon at> wrote:

> > - gnutls-cli invoked with --disable-extensions still sends hello
> > with extensions.
> This is actually an unrelated issue -- the parameter doesn't disable
> all extensions even on 2.8.x.

That's possible, I did not get to figure out why it does not work.
I just tried to use it to force GnuTLS to use SCSV in TLS hellos.

> > - gnutls-cli fails to connect to servers not implementing RFC 5746.
> >   While this is required to fully address the issue on the client
> >   side, it's likely to cause major issues in short term.
> >   gnutls-cli(1) suggests safe initial negotiation should not be
> >   required by default (see %INITIAL_SAFE_RENEGOTIATION),
> >   %UNSAFE_RENEGOTIATION is required to connect.
> >   Note: Both OpenSSL and NSS will not require safe initial
> >   negotiation yet for interoperability reasons.
> Nikos, Steve, what do you think here?

Looks like the current behavior is intentional:

I appologize for missing it previously.

> My preference is to not reject these servers, because the
> vulnerability exists theoretically in earlier GnuTLS versions anyway
> but because of the GnuTLS API is different from OpenSSL/NSS most if
> not all GnuTLS applications are not affected by this (renegotiation
> will fail with the majority of GnuTLS applications).

The above commit message should cover these too.  I see NEWS explicitly
mentions that clients need to use %UNSAFE_RENEGOTIATION.  You may still
wish to emphasize that in the release announcements.


More information about the Gnutls-devel mailing list