safe renegotiation bug?

Nikos Mavrogiannopoulos nmav at gnutls.org
Mon May 31 20:40:03 CEST 2010


Simon Josefsson wrote:

>   GnuTLS supports the safe renegotiation extension.  The default
>   behavior is as follows.  Clients will attempt to negotiate the safe
>   renegotiation extension when talking to servers.  Servers will accept
>   the extension when presented by clients.  Clients and servers will
>   permit an initial handshake to complete even when the other side does
>   not support the safe renegotiation extension.  Clients and servers
>   will refuse renegotiation attempts when the extension has not been
>   negotiated.
> 
> I don't think that is (especially last sentence) what is implemented
> now.  I would prefer to implement what is described in that text
> (because it seems to make sense to me), but we could change the text to
> match what is implemented (more relaxed approach).

I'd prefer to keep the current behavior because it allows clients to
have maximum compatibility when %UNSAFE_RENEGOTIATION is specified,
which was my purpose for it. Maybe some other flag could be introduced
such as %INITIAL_UNSAFE_RENEGOTIATION, but this can happen at any point
later.

regards,
Nikos
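The default policy Simon quotes, together with the RFC 5746 verify_data binding that makes a renegotiation "safe", as a small Python model added to this archive page (it is not GnuTLS code): the `unsafe_renegotiation` flag stands in for the relaxed behaviour Nikos describes for %UNSAFE_RENEGOTIATION, and the endpoint names and Finished values are constructed.

```python
from dataclasses import dataclass

@dataclass
class Endpoint:
    """One TLS peer's renegotiation state (model only, not libgnutls)."""
    name: str
    supports_ext: bool                 # implements renegotiation_info (RFC 5746)
    unsafe_renegotiation: bool = False # relaxed policy, like %UNSAFE_RENEGOTIATION
    client_verify_data: bytes = b""    # Finished values of the previous handshake
    server_verify_data: bytes = b""
    secure_renegotiation: bool = False # extension negotiated on this connection
    connected: bool = False

def handshake(client, server, client_finished, server_finished):
    """Run one (initial or renegotiating) handshake; return (ok, reason)."""
    renegotiating = client.connected and server.connected
    # Page's default: refuse renegotiation unless the extension was negotiated,
    # but let an initial handshake complete even with a legacy peer.
    for ep in (client, server):
        if renegotiating and not ep.secure_renegotiation and not ep.unsafe_renegotiation:
            return False, f"{ep.name} refuses renegotiation: extension not negotiated"
    # ClientHello: renegotiation_info carries the client's previous verify_data
    # (empty on an initial handshake); a legacy client sends no extension.
    c_ext = client.client_verify_data if client.supports_ext else None
    s_ext = None
    if server.supports_ext and c_ext is not None:
        if c_ext != server.client_verify_data:
            return False, "server: client verify_data mismatch (RFC 5746 3.6)"
        # ServerHello echoes client_verify_data + server_verify_data
        s_ext = server.client_verify_data + server.server_verify_data
    if c_ext is not None and s_ext is not None:
        if s_ext != client.client_verify_data + client.server_verify_data:
            return False, "client: server verify_data mismatch (RFC 5746 3.5)"
        negotiated = True
    else:
        negotiated = False
    # The Finished values of this handshake bind the next one.
    for ep in (client, server):
        ep.client_verify_data, ep.server_verify_data = client_finished, server_finished
        ep.secure_renegotiation = negotiated
        ep.connected = True
    return True, "secure" if negotiated else "legacy (no extension)"

if __name__ == "__main__":
    c, s = Endpoint("client", True), Endpoint("server", False)  # legacy server
    print(handshake(c, s, b"cf1", b"sf1"))   # initial handshake: allowed
    print(handshake(c, s, b"cf2", b"sf2"))   # renegotiation: refused by default
```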
