safe renegotiation bug?

Nikos Mavrogiannopoulos nmav at gnutls.org
Tue Jun 1 16:17:50 CEST 2010


Simon Josefsson wrote:

>>> What do you think about this approach?
>> As a concept I agree... The only problem might be that
>> %PARTIAL_RENEGOTIATION might be misleading in client side because it
>> doesn't really protect from the https renegotiation attack, but this can
>> be made clear in the documentation. I'll try to check it today.
> 
> Right, PARTIAL_RENEGOTIATION is the trade-off approach that is
> vulnerable to some attacks but at least allows interop to happen.  I
> think we have some good warning material in the manual already for this.
> 
> It would be great if you could make modifications to make this happen.
> I can update the self tests to make sure it is working as we want it to.
> Alas I'll be travelling in the next few days, but I'll have some
> connectivity and can do a 2.9.11 release.

Should be ok now. I needed to make some changes in srn5 in order to
work. Please check them because I might have not understand what it
does. It might be better to have a small text that documents what each
srn?.c is testing for. Otherwise if it fails it is difficult to
understand why and what went wrong.


regards,
Nikos




More information about the Gnutls-devel mailing list