TLS Renegotiation problem

Simon Josefsson simon at josefsson.org
Tue Nov 10 17:49:28 CET 2009


Steve Dispensa <dispensa at phonefactor.com> writes:

> On 11/10/09 7:22 AM, "Tomas Hoger" <thoger at redhat.com> wrote:
>>> I think we now have some evidence to suggest GnuTLS needn't do anything
>>> about this.  It seems any use of rehandshake with GnuTLS is
>>> application-specific and then the answer is probably to fix that
>>> application instead of GnuTLS.
>> 
>> Is that meant as meant as "no change needed" or "no urgent temporary hotfix
>> needed"?  Is the implementation of the proposed extension still the
>> long-term plan, so that apps needing rehandshakes can do them safely?
>
> [sorry if I'm late to the game; we had a baby a few days ago and I'm sadly
> behind on e-mail and most other things.]

Congratulations!  Perfect timing.. ;)

> I agree with Tomas. When I wrote up the patch, I noticed that there were a
> few impediments to doing renegotiation at all in the way things are
> currently implemented (unless I misunderstood, which I always quite
> possible). Still, at some point, someone is going to really need the feature
> (or decide that the implementation is incomplete without perfect support for
> it), and once that happens, the bug will magically appear unless the TLS
> extension I supported.
>
> There's also a good reason to support the extension from an interop
> standpoint - servers will want to detect patched clients in the (near?)
> future, so sending the extension along will be helpful.

Definitely.  Given a patch (and copyright assignment) for this, we could
add it to the experimental branch today, and once the IANA has allocated
a code point it could even be backported into the stable branch.

But that would be completely unrelated to fixing any short-term security
problem.

/Simon





More information about the Gnutls-help mailing list