TLS Renegotiation problem
Simon Josefsson
simon at josefsson.org
Mon Nov 9 16:19:50 CET 2009
As you may have heard, people how found out how to attack TLS as used in
many application protocols. For more info see:
http://www.ietf.org/id/draft-rescorla-tls-renegotiation-00.txt
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://extendedsubset.com/
http://www.imperialviolet.org/2009/11/05/tls-reneg.html
It is important to understand that you are not vulnerable unless you use
renegotiation, which is not typical. If you use renegotiation, perhaps
to request client certificates in a web server, the simplest "fix" is to
disable any use of renegotiation. You don't need to do this if your
application protocol is robust -- for example XMPP/Jabber appears to be
robust against the problem. HTTPS is not robust.
There is work ongoing to specify a new extension to make TLS
renegotiation safe against this attack, and hopefully GnuTLS will
support it soon. Patches have been published in
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3944 but
not yet tested or verified, and the IETF/IANA has not allocated a TLS
extension number for it yet either.
/Simon
More information about the Gnutls-devel
mailing list