safe renegotiation bug?

Nikos Mavrogiannopoulos nmav at
Tue Jun 1 16:17:50 CEST 2010

Simon Josefsson wrote:

>>> What do you think about this approach?
>> As a concept I agree... The only problem might be that
>> %PARTIAL_RENEGOTIATION might be misleading on the client side because it
>> doesn't really protect from the https renegotiation attack, but this can
>> be made clear in the documentation. I'll try to check it today.
> Right, PARTIAL_RENEGOTIATION is the trade-off approach that is
> vulnerable to some attacks but at least allows interop to happen.  I
> think we have some good warning material in the manual already for this.
> It would be great if you could make modifications to make this happen.
> I can update the self tests to make sure it is working as we want it to.
> Alas I'll be travelling in the next few days, but I'll have some
> connectivity and can do a 2.9.11 release.

Should be ok now. I needed to make some changes in srn5 in order for it
to work. Please check them because I might not have understood what it
does. It might be better to have a small text that documents what each
srn?.c is testing for. Otherwise, if it fails, it is difficult to
understand why and what went wrong.

