safe renegotiation bug?
Nikos Mavrogiannopoulos
nmav at gnutls.org
Mon May 31 20:40:03 CEST 2010
Simon Josefsson wrote:
> GnuTLS supports the safe renegotiation extension. The default
> behavior is as follows. Clients will attempt to negotiate the safe
> renegotiation extension when talking to servers. Servers will accept
> the extension when presented by clients. Clients and servers will
> permit an initial handshake to complete even when the other side does
> not support the safe renegotiation extension. Clients and servers
> will refuse renegotiation attempts when the extension has not been
> negotiated.
>
> I don't think that is (especially last sentence) what is implemented
> now. I would prefer to implement what is described in that text
> (because it seems to make sense to me), but we could change the text to
> match what is implemented (more relaxed approach).

I'd prefer to keep the current behavior because it allows clients to
have maximum compatibility when %UNSAFE_RENEGOTIATION is specified,
which was my purpose for it. Maybe some other flag could be introduced,
such as %INITIAL_UNSAFE_RENEGOTIATION, but this can happen at any point
later.

regards,
Nikos