Another renegotiation patch

[Tomas Hoger]

Hi Simon!

On Thu, 18 Feb 2010 09:19:06 +0100 Simon Josefsson
<simon at josefsson.org> wrote:

> Steve, Nikos, are you happy with the safe renegotiation implementation
> in git master now?  Do we have complete self-tests of this?  Is it
> documented?  Has there been any interop testing with other
> implementations?  Any other concerns I should be aware of?

Few quick observations:

- GnuTLS prefers RI to SCSV unless using SSL.3.0.  New OpenSSL (and
  afaik NSS too) use SCSV in the initial client hellos even for TLS, to
  play more nicely with broken TLS servers that choke on TLS
  extensions.
- gnutls-cli invoked with --disable-extensions still sends hello with
  extensions.
- gnutls-cli fails to connect to servers not implementing RFC 5746.
  While this is required to fully address the issue on the client side,
  it's likely to cause major issues in short term.  gnutls-cli(1)
  suggests safe initial negotiation should not be required by default
  (see %INITIAL_SAFE_RENEGOTIATION), %UNSAFE_RENEGOTIATION is required
  to connect.
  Note: Both OpenSSL and NSS will not require safe initial negotiation
  yet for interoperability reasons.
- %INITIAL_SAFE_RENEGOTIATION name is somewhat confusing (renegotiation
  vs. negotiation).
- %INITIAL_SAFE_RENEGOTIATION defaults are not documented properly (see
  client concern above).
- I'd consider clarifying %DISABLE_SAFE_RENEGOTIATION description too.

HTH

th.