[gnutls-help] disable renegotiation

John johnbast at protonmail.com
Wed Jun 16 12:15:47 CEST 2021


Is there a way in Gnutls to disable renegotiation on TLS and a way to disable client-initiated secure renegotiation?

This is useful to harden the server. For example Exim4+Gnutls on Debian 10. There does not seem to be a need to support renegotiation or resumption on a mail server, because STARTTLS sessions are set up in each SMTP session. Disabling renegotiation reduces the attack surface.

