Another renegotiation patch
Tomas Hoger
thoger at redhat.com
Thu Feb 18 15:04:55 CET 2010
On Thu, 18 Feb 2010 13:32:30 +0100 Simon Josefsson
<simon at josefsson.org> wrote:
> > - gnutls-cli invoked with --disable-extensions still sends hello
> > with extensions.
>
> This is actually an unrelated issue -- the parameter doesn't disable
> all extensions even on 2.8.x.
That's possible, I did not get to figure out why it does not work.
I just tried to use it to force GnuTLS to use SCSV in TLS hellos.
> > - gnutls-cli fails to connect to servers not implementing RFC 5746.
> > While this is required to fully address the issue on the client
> > side, it's likely to cause major issues in short term.
> > gnutls-cli(1) suggests safe initial negotiation should not be
> > required by default (see %INITIAL_SAFE_RENEGOTIATION),
> > %UNSAFE_RENEGOTIATION is required to connect.
> > Note: Both OpenSSL and NSS will not require safe initial
> > negotiation yet for interoperability reasons.
>
> Nikos, Steve, what do you think here?
Looks like the current behavior is intentional:
http://git.savannah.gnu.org/cgit/gnutls.git/commit/?id=2a10542bf8f7cfbd5e6a4b17c8d502133da93fc5
I appologize for missing it previously.
> My preference is to not reject these servers, because the
> vulnerability exists theoretically in earlier GnuTLS versions anyway
> but because of the GnuTLS API is different from OpenSSL/NSS most if
> not all GnuTLS applications are not affected by this (renegotiation
> will fail with the majority of GnuTLS applications).
The above commit message should cover these too. I see NEWS explicitly
mentions that clients need to use %UNSAFE_RENEGOTIATION. You may still
wish to emphasize that in the release announcements.
th.
More information about the Gnutls-devel
mailing list