safe renegotiation in client side

Tomas Mraz tmraz at
Mon Mar 15 23:59:55 CET 2010

On Mon, 2010-03-15 at 23:38 +0100, Simon Josefsson wrote: 
> Nikos Mavrogiannopoulos <nmav at> writes:
> > I have been in favor of enabling safe renegotiation for the client
> > before, but seeing how gnutls is being used today, I might not have been
> > correct and enabling it might cause more trouble than the issue it solves.
> I just had a thought; it may be wrong due to it being late at night...
> Using safe renegotiation is only important if the client provides
> credentials, right?
> It sounds as if in your testing, GnuTLS clients were unable to talk to
> any server, even if the clients didn't provide a client certificate.  Is
> that right?
> If that is the case, can't we make GnuTLS accept talking to "old"
> servers by default, but if client certificate authentication is
> requested by the application, it will tear down the connection if the
> server doesn't support safe-renegotiation?
> My impression is that client certificate authentication is still not
> that widely used by applications.
> This way, we'll be 100% secure but still work in the majority of cases.
> People using client certificate authentication will not be able to talk
> with old servers, but that is what they should get.

Unfortunately, the credentials might even take different forms, such as
the auth user name and password, and they might be revealed to the
attacker, which was demonstrated in the Twitter attack.
Tomas Mraz
No matter how far down the wrong road you've gone, turn back.
                                              Turkish proverb
