Another renegotiation patch

Nikos Mavrogiannopoulos nmav at gnutls.org
Fri Jan 22 22:41:34 CET 2010


Daniel Kahn Gillmor wrote:
> On 01/21/2010 03:42 PM, Nikos Mavrogiannopoulos wrote:
>> I was thinking about the safe renegotiation case. Currently with the
>> defaults the client behavior is to drop the connection to servers that
>> do not advertise safe renegotiation... This is quite an inconvenience.
>> What do you think of, instead of failing, disabling renegotiation for this
>> session? I think this will prevent a lot of people from completely
>> disabling safe renegotiation and only disables the part of the protocol
>> that isn't secure..
> 
> The problem, as I understand it, is that the client is incapable of
> telling whether the plaintext prefix injection attack has already
> happened.  I don't think disabling renegotiation for the session
> resolves the problem.

Ooops. I just reverted my previous change and added NEWS entries.

regards,
Nikos




