safe renegotiation in client side

Nikos Mavrogiannopoulos nmav at
Mon Mar 15 21:46:33 CET 2010

As you may have noticed there was a big fuss lately about a bug in the
TLS protocol that could cause a client to connect to the wrong server
via a renegotiation. There is a fix to the protocol that is
unfortunately incompatible with previous versions (if security is
required). Thus a gnutls client implementing the fix cannot connect to
any non-patched server[0]. To achieve compatibility one has to to
explicitly allow unsafe renegotiation with a priority string. This is
not always possible since gnutls might be used unintentionally by a
program via another library.

With some trials in my system I noticed that the current behavior causes
denial of service and a simple user might not even have control over the
priority string for gnutls.

Given your experiences (as system packager, user, implementor or so),
what do you think is the adoption of priority strings in programs? Given
a program that uses gnutls is it easy to set a string with the
algorithms etc. needed for the negotiation?

I have been in favor of enabling safe renegotiation for the client
before, but seeing how gnutls is being used today, I might have not been
correct and enabling it might cause more trouble than the issue it solves.

Please let me know of what you think.


[0]. so far the fix adoption wasn't that great.

More information about the Gnutls-devel mailing list