Draft release notes for 2.10.0
thoger at redhat.com
Thu Apr 29 16:08:27 CEST 2010
On Thu, 29 Apr 2010 09:41:03 +0200 Simon Josefsson wrote:
> proper client attempts to contact the server, the attacker hijacks
> that connection and uses the TLS renegotiation feature with the
> server and splices in the client connection to the already
> established connection between the client and server.
"*attacker* and server"
> However, some server implementations will (incorrectly) assume that
> the data sent by the attacker was sent by the now authenticated
Renegotiation does not have to change client authentication status
(either TLS or application level). Twitter attack is one example.
> However, by default GnuTLS client and servers will not refuse
> renegotiation attempts when the extension has not been negotiated, as
> this would break backwards compatibility and cause too much
> operational problems. We will likely reconsider these defaults in
> the future.
If these defaults change (discussion in the other thread), you may
wish to extend this to cover different impact of allowing initial / re-
negotiation on clients and servers.
> To modify the default behaviour, we have introduced three new priority
Following paragraph describes 4, even though one is special.
More information about the Gnutls-devel