<div>Asking my question again to those who know:<br></div><div>Is there currently a way in Gnutls to disable renegotiation on TLS and a way to disable client initiated secure renegotiation?<br></div><div><br></div><div><div>The option to disabling renegotiation is mentioned in RFC5746:<br></div></div><div>RFC5746:
"TLS implementations SHOULD provide a mechanism to disable and enable renegotiation."<br></div><div><br></div><div>RFC5746:
"Many servers can mitigate this attack simply by refusing to renegotiate at all."<br></div><div><br></div><div>For this to work, developers and/or users needs to be able to refuse client initiated renegotiation.<br></div><div><br></div><div>An user configurable implementation could have:
<br></div><div>%DISABLE_RENEGOTIATION<br></div><div>%DISABLE_CLIENT_RENEGOTIATION<br></div><div><br></div><div>I am aware of the option to disable safe renegotiation. That seems to be limited to disabling safe renegotiation, which would likely leave the server vulnerable.<br></div><div><br></div><div>Thanks!<br></div><div><br></div>