safe renegotiation in client side

Simon Josefsson simon at
Tue Mar 16 16:02:51 CET 2010

Daniel Kahn Gillmor <dkg at> writes:

> On 03/15/2010 06:59 PM, Tomas Mraz wrote:
>> On Mon, 2010-03-15 at 23:38 +0100, Simon Josefsson wrote: 
>>> If that is the case, can't we make GnuTLS accept talking to "old"
>>> servers by default, but if client certificate authentication is
>>> requested by the application, it will tear down the connection if the
>>> server doesn't support safe-renegotiation?
>> Unfortunately the credentials might take even different forms such as
>> the auth user name and password and they might be revealed to the
>> attacker which was demonstrated in the Twitter attack.
> I think Tomas is correct here; *any* re-negotiation can be used as a
> vector for an attack like this, not just renegotiations which request
> client certificates.

Yes.  Sigh.


More information about the Gnutls-devel mailing list