[gnutls-help] disable renegotiation

John johnbast at protonmail.com
Wed Jun 16 21:32:42 CEST 2021


Hi Jeremy,

Thanks for your reply!

On Wednesday, June 16th, 2021 at 1:34 PM, Jeremy Harris <jgh at wizmail.org> wrote:
> On 16/06/2021 11:15, John wrote:
>
> > Is there a way in Gnutls to disable renegotiation on TLS and a way to disable client initiated secure renegotiation?
>
> https://gnutls.org/manual/html_node/Safe-renegotiation.html#Safe-renegotiation
>
> "It is possible to disable use of the extension completely, in both clients and servers, by using the %DISABLE_SAFE_RENEGOTIATION priority string however we strongly recommend you to only do this for debugging and test purposes."

I read that before, and found it somewhat unclear. I'd interpret it as disabling _safe_ renegotiation as the keyword says. I'd like to be able to disable all renegotiation and seperately all client renegotiation. This talks about disabling an unnamed extension, which could be interpreted as the "safe renegotiation" extension. The safe renegotiation extension is named as such in the same text.

For now I read it as disabling "safe renegotiation". It doesn't make much sense to do disable just the safe part in 2021 while still allowing renegotiation. I that sense I understand the warning.

RFC5746 (2010):
"Many servers can mitigate this attack simply by refusing to renegotiate at all."

Although this is about just one attack (a specific MitM attack), this does not only apply to one purpose.

RFC5746:
"TLS implementations SHOULD provide a mechanism to disable and enable renegotiation."

I read that as: [all] TLS implementations should be able to disable [all] renegotiation.

An implementation could have:
%DISABLE_RENEGOTIATION
%DISABLE_CLIENT_RENEGOTIATION

> > This is useful to harden the server. For example Exim4+Gnutls on Debian 10. There does not seem to be a need to support renegotiation or resumption on a mail server, because STARTTLS sessions are set up in each SMTP session. Disabling renegotiation reduces
> > the attack surface.
>
> Resumption is a different kettle of fish, but since it wasn't enabled in the most-recent Exim release I doubt that Debian's build it up.

> Even if they did, the project coding has it not enabled until you do so explicitly in config. As for need, if you're repeatedly connecting the same pair of hosts, resumption saves cpu cycles.

>From a security perspective, it's mainly about internet facing mail (MX) servers and defending against DoS and other threats known or unknown.

Does Debian 10 Exim4+gnutls support client initiated renegotiation? Immuniweb SSL test (host:25) reports that it does.

Debian 10 Apache2+openssl seems to not allow client initiated renegotiation according to the remote test by Immuniweb.

Thanks,

John




More information about the Gnutls-help mailing list