[gnutls-help] disable renegotiation
johnbast at protonmail.com
Thu Jun 24 21:09:05 CEST 2021
Asking my question again to those who know:
Is there currently a way in GnuTLS to disable renegotiation on TLS and a way to disable client-initiated secure renegotiation?
The option to disable renegotiation is mentioned in RFC5746:
RFC5746: "TLS implementations SHOULD provide a mechanism to disable and enable renegotiation."
RFC5746: "Many servers can mitigate this attack simply by refusing to renegotiate at all."
For this to work, developers and/or users need to be able to refuse client-initiated renegotiation.
A user-configurable implementation could have:
I am aware of the option to disable safe renegotiation. That seems to be limited to disabling safe renegotiation, which would likely leave the server vulnerable.