safe renegotiation in client side

Daniel Kahn Gillmor dkg at
Tue Mar 16 00:20:06 CET 2010

On 03/15/2010 06:59 PM, Tomas Mraz wrote:
> On Mon, 2010-03-15 at 23:38 +0100, Simon Josefsson wrote: 
>> If that is the case, can't we make GnuTLS accept talking to "old"
>> servers by default, but if client certificate authentication is
>> requested by the application, it will tear down the connection if the
>> server doesn't support safe-renegotiation?
> Unfortunately the credentials might take even different forms such as
> the auth user name and password and they might be revealed to the
> attacker which was demonstrated in the Twitter attack.

I think Tomas is correct here; *any* re-negotiation can be used as a
vector for an attack like this, not just renegotiations which request
client certificates.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 891 bytes
Desc: OpenPGP digital signature
URL: </pipermail/attachments/20100315/b04269ce/attachment.pgp>

More information about the Gnutls-devel mailing list