[gnutls-help] disable renegotiation
John
johnbast at protonmail.com
Thu Jun 24 21:09:05 CEST 2021
Asking my question again to those who know:
Is there currently a way in Gnutls to disable renegotiation on TLS and a way to disable client initiated secure renegotiation?
The option to disabling renegotiation is mentioned in RFC5746:
RFC5746: "TLS implementations SHOULD provide a mechanism to disable and enable renegotiation."
RFC5746: "Many servers can mitigate this attack simply by refusing to renegotiate at all."
For this to work, developers and/or users needs to be able to refuse client initiated renegotiation.
An user configurable implementation could have:
%DISABLE_RENEGOTIATION
%DISABLE_CLIENT_RENEGOTIATION
I am aware of the option to disable safe renegotiation. That seems to be limited to disabling safe renegotiation, which would likely leave the server vulnerable.
Thanks!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.gnupg.org/pipermail/gnutls-help/attachments/20210624/8a7e8e26/attachment.html>
More information about the Gnutls-help
mailing list