safe renegotiation bug?

Nikos Mavrogiannopoulos nmav at
Fri May 28 10:05:40 CEST 2010

Simon Josefsson wrote:

>>> The client by default permits connections, but I don't think clients
>>> should (by default) allow renegotiation against such servers.
>> Why?
> To me it was more that I couldn't answer 'Why not?'.  I'm not sure what
> the balance should be.  We already decided that (by default) we can't
> disable everything we know is insecure due to interop, so decisions
> whether to enable/disable other things by default are subjective.
> NSS does not allow upgraded clients to renegotiate with unupgraded
> servers, see:

I do not believe this is a threat since you have already connected to
the server and anyway he can do whatever he wants (he can do mitm with
any other place he chooses even if you do support safe renegotiation).
Anyway, I would not object if you add this; I really see it as a very
minor issue. For me, if it proves to be a problem it could be fixed in a
minor release. The current stable version of gnutls does not support any kind
of renegotiation protection and this is much worse.

