TLS Renegotiation problem
thoger at redhat.com
Tue Nov 10 14:22:16 CET 2009
On Tue, Nov 10, 2009 at 12:29:04PM +0100, Simon Josefsson wrote:
> If the servers are linked with OpenSSL I don't know if they are
> vulnerable or not, it would depend on whether OpenSSL performs
> renegotiation without application interaction.
OpenSSL and NSS both do renegotiation transparently for the application.
> I think we now have some evidence to suggest GnuTLS needn't do anything
> about this. It seems any use of rehandshake with GnuTLS is
> application-specific and then the answer is probably to fix that
> application instead of GnuTLS.
Is that meant as "no change needed" or "no urgent temporary hotfix
needed"? Is the implementation of the proposed extension still the
long-term plan, so that apps needing rehandshakes can do them safely?