TLS Renegotiation problem
thoger at redhat.com
Wed Nov 18 19:28:52 CET 2009
On Tue, 17 Nov 2009 11:32:46 +0100 Simon Josefsson
<simon at josefsson.org> wrote:
> > In GnuTLS, rehandshaking needs to be done explicitly by servers when
> > they get the GNUTLS_E_REHANDSHAKE error back from
> > gnutls_record_recv. If servers don't call gnutls_handshake when
> > that happens, there is no problem. So people can check their
> > applications if they are vulnerable to this problem.
> For everyone's information, searching for "GNUTLS_E_REHANDSHAKE" in
> code is not sufficient: that only takes care of the situation
> where the local client reacts on a renegotiation request from the
> remote server.
> You also have to search for "gnutls_rehandshake" to take care of the
> situation where the local server initiates the renegotiation request.
I did a search for that in Red Hat Enterprise Linux sources and I've
not found anything using it. Google codesearch finds it in mod_gnutls
though. From a 30sec look, it may be using it in similar cases as
mod_ssl / mod_nss.
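The two searches the thread describes, turned into a small audit script that reports which of the two renegotiation code paths each file contains. This is an added example, not code from the thread, from GnuTLS or from mod_gnutls; the function names and the constructed sample tree are assumptions made for illustration.

```shell
#!/bin/sh
# Audit a source tree for the two GnuTLS renegotiation code paths named in
# the thread.  A file that reacts to GNUTLS_E_REHANDSHAKE by calling
# gnutls_handshake() accepts a renegotiation requested by the peer; a file
# that calls gnutls_rehandshake() initiates renegotiation itself.  A file
# that sees GNUTLS_E_REHANDSHAKE but never calls gnutls_handshake() is
# reported separately, since it most likely just ignores the request.

# Print one "<finding>\t<file>" line per hit, nothing when the tree is clean.
scan_gnutls_reneg() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' -o -name '*.cc' -o -name '*.cpp' \) |
    sort |
    while IFS= read -r f; do
        if grep -q 'GNUTLS_E_REHANDSHAKE' "$f"; then
            if grep -q 'gnutls_handshake[[:space:]]*(' "$f"; then
                printf 'ACCEPTS_PEER_RENEG\t%s\n' "$f"
            else
                printf 'IGNORES_PEER_RENEG\t%s\n' "$f"
            fi
        fi
        if grep -q 'gnutls_rehandshake[[:space:]]*(' "$f"; then
            printf 'INITIATES_RENEG\t%s\n' "$f"
        fi
        true   # keep the loop's exit status at 0 for callers running under set -e
    done
}

# Wrapper with a CI-friendly exit status: 0 = nothing found, 1 = findings printed.
audit_gnutls_reneg() {
    findings=$(scan_gnutls_reneg "$1")
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed sample tree (not real project code) exercising all three outcomes.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/src"
    printf 'r = gnutls_record_recv(s, b, n);\nif (r == GNUTLS_E_REHANDSHAKE) gnutls_handshake(s);\n' > "$d/src/client.c"
    printf 'if (r == GNUTLS_E_REHANDSHAKE) { /* drop it */ continue; }\n' > "$d/src/proxy.c"
    printf 'if (want_cert) ret = gnutls_rehandshake(session);\n' > "$d/src/server.c"
    printf 'int x = 1;\n' > "$d/src/util.c"
    printf '%s\n' "$d"
}

tree=$(make_sample_tree)
audit_gnutls_reneg "$tree" || echo "renegotiation code paths found, review them"
rm -rf "$tree"
```

Point `audit_gnutls_reneg` at a real checkout to get the file list; the exit status makes it usable as a gate in a build job.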
More information about the Gnutls-devel