safe renegotiation

Nikos Mavrogiannopoulos nmav at
Thu Apr 29 11:02:14 CEST 2010

On Thu, Apr 29, 2010 at 10:16 AM, Simon Josefsson <simon at> wrote:
> I've tested the safe renegotiation stuff a bit more, and I believe we
> could tweak the defaults to make them slightly more secure: let
> %SAFE_RENEGOTIATION be the default for servers.
> This means that servers will refuse to RE-negotiate against clients that
> do not support the extension.
> The odd package is mod_gnutls for Apache, but it exposes a priority
> string interface to the administrator, thus allowing them to override
> the behaviour easily -- however we should recommend that they don't,
> because it is really insecure.

This will actually harm mod_gnutls. Renegotiation is a common issue in
HTTPS (for upgrading authentication using a certificate for certain
locations). If people notice that no clients can connect on their
servers, they will either install an older version of gnutls that "works" or
just go to mod_ssl. Moreover it is problematic in the sense that an
administrator might not detect at all that his site is inaccessible
and only find out after losing customers or so. I think that fixing a
security issue but as a side-effect causing serious issues in
interoperability with old software is a recipe for people to move out
of your software (Intel never managed to get rid of x86, and I don't
think we can afford it).

Let's be conservative and wait. This issue proved not to be that
important on the Internet (not many people upgraded because of this).


More information about the Gnutls-devel mailing list