Another renegotiation patch
Nikos Mavrogiannopoulos
nmav at gnutls.org
Fri Jan 22 22:41:34 CET 2010
Daniel Kahn Gillmor wrote:
> On 01/21/2010 03:42 PM, Nikos Mavrogiannopoulos wrote:
>> I was thinking about the safe renegotiation case. Currently with the
>> defaults the client behavior is to drop the connection to servers that
>> do not advertise safe renegotiation... This is quite an inconvenience.
>> What do you think of, instead of failing, disabling renegotiation for this
>> session? I think this will prevent a lot of people from completely
>> disabling safe renegotiation and only disables the part of the protocol
>> that isn't secure.
>
> The problem, as I understand it, is that the client is incapable of
> telling whether the plaintext prefix injection attack has already
> happened. I don't think disabling renegotiation for the session
> resolves the problem.
Oops. I just reverted my previous change and added NEWS entries.
regards,
Nikos