Safe renegotiation patch

Steve Dispensa dispensa at phonefactor.com
Mon Jan 11 15:46:11 CET 2010


All,

I've updated the patch I initially submitted to conform to the new renegotiation draft. It's building and working, and I'm starting interoperability testing today. I hope to have something to post to the list for review in the next day or two.

I wanted to run a couple of decisions by the group as to how this should work. I've modified GnuTLS to always send (only) the RI extension for TLS1+, and to send SCSV for SSLv3 initial client hellos. All other SSLv3 hellos use the extension, as required by the draft. Does that make sense? I'd be glad to explain my reasoning if you'd like.

Also, I'm providing three APIs:
 - gnutls_allow_unsafe_renegotiation - allows for "lenient" mode, where we'll agree to talk to a peer that doesn't indicate support for safe renegotiation

 - gnutls_allow_unsafe_initial_negotiation - allows servers to talk to a client that doesn't indicate support for safe renegotiation only as long as the client doesn't attempt to renegotiate (but drops the connection on any renegotiation attempt)

Both default to off.

Thoughts?

Thanks.

 -Steve
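
The signalling rule and the two policy switches proposed in the message above, modelled as a small decision function. This is an added example, not code from the patch or from GnuTLS; every identifier in it is hypothetical, and it assumes that the "lenient" switch tolerates a non-indicating peer on both the initial handshake and a renegotiation.

```c
#include <stdbool.h>
#include <stdio.h>

/* Hypothetical model; none of these names are GnuTLS identifiers. */
enum proto { PROTO_SSL3, PROTO_TLS1_PLUS };
enum hello_signal { SIGNAL_RI_EXTENSION, SIGNAL_SCSV };
enum verdict { VERDICT_PROCEED, VERDICT_DROP };

struct reneg_policy {
    bool allow_unsafe_renegotiation;       /* "lenient" mode, default off */
    bool allow_unsafe_initial_negotiation; /* servers only, default off */
};

/* SCSV is sent only on an SSLv3 initial client hello; every other hello
 * carries the renegotiation_info (RI) extension. */
enum hello_signal hello_signal_for(enum proto v, bool is_client, bool is_initial)
{
    if (v == PROTO_SSL3 && is_client && is_initial)
        return SIGNAL_SCSV;
    return SIGNAL_RI_EXTENSION;
}

/* peer_indicated: the peer sent RI or SCSV on the initial handshake.
 * Checking the extension's contents is outside this model. */
enum verdict handshake_verdict(const struct reneg_policy *p, bool is_server,
                               bool peer_indicated, bool is_renegotiation)
{
    if (peer_indicated)
        return VERDICT_PROCEED;
    if (p->allow_unsafe_renegotiation)
        return VERDICT_PROCEED; /* assumption: lenient covers both phases */
    if (is_server && p->allow_unsafe_initial_negotiation && !is_renegotiation)
        return VERDICT_PROCEED; /* legacy client tolerated until it renegotiates */
    return VERDICT_DROP;
}

int main(void)
{
    /* Constructed scenario: a server facing a client that sent no indication. */
    struct reneg_policy pol[] = { {false, false}, {false, true}, {true, false} };
    const char *name[] = { "strict", "initial-only", "lenient" };
    for (int i = 0; i < 3; i++)
        printf("%-12s initial=%s renegotiation=%s\n", name[i],
               handshake_verdict(&pol[i], true, false, false) ? "drop" : "ok",
               handshake_verdict(&pol[i], true, false, true) ? "drop" : "ok");
    return 0;
}
```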