Simon Josefsson simon at
Mon May 31 19:23:35 CEST 2010

Nikos Mavrogiannopoulos <nmav at> writes:

> Simon Josefsson wrote:
>> Simon Josefsson <simon at> writes:
>>> Items left are to write and check the safe renegotiation self tests
>>> and to update the documentation section for it.  I think there are bugs
>>> in both those parts right now, that's why I haven't made any releases.
>> Nikos, I have updated the manual now to describe what I believe the
>> behaviour should be -- could you check that it matches your
>> interpretation?
>> Note that I'm not sure how %INITIAL_SAFE_RENEGOTIATION fits into this
>> picture.
> I've updated it to include it. Check it and let me know if you agree.

Looks good, although I changed 'connections' to '(re-)handshakes' to be
more consistent with the rest of the section.

>> I also suspect we want a priority string (e.g. %PARTIAL_RENEGOTIATION)
>> to describe today's default behaviour of permitting initial handshakes
>> but not rehandshakes -- so that clients/servers can use it and be
>> forward-compatible even when/if we change the default to make
>> clients/servers refuse initial handshakes without the extension.
> I believe you are talking about the %SAFE_RENEGOTIATION string not
> enforcing the extension on every connection (negotiation or
> renegotiation). This is ok since the threat is not on the server. Server
> is not less secure without the extension. The SAFE_RENEGOTIATION flag
> on the server is there to protect the client and this protection should
> be during renegotiation according to the threat. The
> INITIAL_SAFE_RENEGOTIATION is there to enforce clients to upgrade, by
> denying access to them if they do not support the extension. It does not
> increase security on either the client or the server.

I think this makes sense.

I'll try to push out 2.9.11 tonight..

