[gnutls-devel] GnuTLS | Renegotiation with both renegotiation_info and SCSV at once is allowed (#828)
Development of GNU's TLS library
gnutls-devel at lists.gnutls.org
Thu Sep 12 09:58:03 CEST 2019
t184256 commented:
Wait, seems like I wasn't paying enough attention to the RFC =(
(https://tools.ietf.org/html/rfc5746#section-3.7, Server Behavior: Secure Renegotiation)
* When a ClientHello is received, the server MUST verify that it
does not contain the TLS_EMPTY_RENEGOTIATION_INFO_SCSV SCSV. If
the SCSV is present, the server MUST abort the handshake.
Seems like not aborting on receiving both is non-compliant after all.
--
Reply to this email directly or view it on GitLab: https://gitlab.com/gnutls/gnutls/issues/828#note_216101220
You're receiving this email because of your account on gitlab.com.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-devel/attachments/20190912/77b4de91/attachment.html>
More information about the Gnutls-devel
mailing list