Another renegotiation patch
thoger at redhat.com
Thu Feb 18 12:52:41 CET 2010
On Thu, 18 Feb 2010 09:19:06 +0100 Simon Josefsson
<simon at josefsson.org> wrote:
> Steve, Nikos, are you happy with the safe renegotiation implementation
> in git master now? Do we have complete self-tests of this? Is it
> documented? Has there been any interop testing with other
> implementations? Any other concerns I should be aware of?
Few quick observations:
- GnuTLS prefers RI to SCSV unless using SSL.3.0. New OpenSSL (and
afaik NSS too) use SCSV in the initial client hellos even for TLS, to
play more nicely with broken TLS servers that choke on TLS
- gnutls-cli invoked with --disable-extensions still sends hello with
- gnutls-cli fails to connect to servers not implementing RFC 5746.
While this is required to fully address the issue on the client side,
it's likely to cause major issues in short term. gnutls-cli(1)
suggests safe initial negotiation should not be required by default
(see %INITIAL_SAFE_RENEGOTIATION), %UNSAFE_RENEGOTIATION is required
Note: Both OpenSSL and NSS will not require safe initial negotiation
yet for interoperability reasons.
- %INITIAL_SAFE_RENEGOTIATION name is somewhat confusing (renegotiation
- %INITIAL_SAFE_RENEGOTIATION defaults are not documented properly (see
client concern above).
- I'd consider clarifying %DISABLE_SAFE_RENEGOTIATION description too.
More information about the Gnutls-devel