Another renegotiation patch

Tomas Hoger thoger at
Thu Feb 18 12:52:41 CET 2010

Hi Simon!

On Thu, 18 Feb 2010 09:19:06 +0100 Simon Josefsson
<simon at> wrote:

> Steve, Nikos, are you happy with the safe renegotiation implementation
> in git master now?  Do we have complete self-tests of this?  Is it
> documented?  Has there been any interop testing with other
> implementations?  Any other concerns I should be aware of?

Few quick observations:

- GnuTLS prefers RI to SCSV unless using SSL.3.0.  New OpenSSL (and
  afaik NSS too) use SCSV in the initial client hellos even for TLS, to
  play more nicely with broken TLS servers that choke on TLS
- gnutls-cli invoked with --disable-extensions still sends hello with
- gnutls-cli fails to connect to servers not implementing RFC 5746.
  While this is required to fully address the issue on the client side,
  it's likely to cause major issues in short term.  gnutls-cli(1)
  suggests safe initial negotiation should not be required by default
  to connect.
  Note: Both OpenSSL and NSS will not require safe initial negotiation
  yet for interoperability reasons.
- %INITIAL_SAFE_RENEGOTIATION name is somewhat confusing (renegotiation
  vs. negotiation).
- %INITIAL_SAFE_RENEGOTIATION defaults are not documented properly (see
  client concern above).
- I'd consider clarifying %DISABLE_SAFE_RENEGOTIATION description too.



More information about the Gnutls-devel mailing list