[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: safe renegotiation
From: |
Simon Josefsson |
Subject: |
Re: safe renegotiation |
Date: |
Thu, 29 Apr 2010 12:32:40 +0200 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) |
Nikos Mavrogiannopoulos <address@hidden> writes:
> On Thu, Apr 29, 2010 at 10:16 AM, Simon Josefsson <address@hidden> wrote:
>> I've tested the safe renegotiation stuff a bit more, and I believe we
>> could tweak the defaults to make them slightly more secure: let
>> %SAFE_RENEGOTIATION be the default for servers.
>>
>> This means that servers will refuse to RE-negotiate against clients that
>> does not support the extension.
> [...]
>> The odd package is mod_gnutls for Apache, but it exposes a priority
>> string interface to the administrator, thus allowing them to override
>> the behaviour easily -- however we should recommend that they don't,
>> because it is really insecure.
>
> This will actually harm mod_gnutls. Renegotiation is a common issue in
> HTTPS (for upgrading authentication using a certificate for certain
> locations).
It is not used frequently though, and it is vulnerable to attack.
My main point is that mod_gnutls may 1) document this problem and
suggesting people to use %UNSAFE_RENEGOTIATION in the docstring, or even
2) use %UNSAFE_RENEGOTIATION by default if no other priority string is
provided.
> If people notice that no clients can connect on their servers will
> either install an older version of gnutls that "works" or just go to
> mod_ssl. Moreover it is problematic in the sense that an administrator
> might not detect at all that his site is inaccessible and only find
> out after losing customers or so. I think that fixing a security issue
> but as a side-effect causing serious issues in interoperability with
> old software is a recipe for people to move out of your software
> (intel never managed to get rid of x86, and I don't think we can
> afford it).
>
> Let's be conservative and wait. This issue proved not to be that
> important in the internet (not many people upgraded because of this).
According to Tomas, OpenSSL protect against this. If that is the case,
I think the answer is simple: we should do the same.
/Simon