
Re: safe renegotiation


From: Simon Josefsson
Subject: Re: safe renegotiation
Date: Sat, 22 May 2010 17:52:05 +0200
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Nikos Mavrogiannopoulos <address@hidden> writes:

> Simon Josefsson wrote:
>
>> 
>>> If people notice that no clients can connect to their servers, they will
>>> either install an older version of gnutls that "works" or just go to
>>> mod_ssl. Moreover it is problematic in the sense that an administrator
>>> might not detect at all that his site is inaccessible and only find
>>> out after losing customers or so. I think that fixing a security issue
>>> but as a side-effect causing serious issues in interoperability with
>>> old software is a recipe for people to move out of your software
>>> (intel never managed to get rid of x86, and I don't think we can
>>> afford it).
>>>
>>> Let's be conservative and wait. This issue proved not to be that
>>> important in the internet (not many people upgraded because of this).
>> 
>> According to Tomas, OpenSSL protects against this.  If that is the case,
>> I think the answer is simple: we should do the same.
>
> I've committed a patch that does that in git.

Thanks!  I think this solves the main remaining concern with the safe
renegotiation stuff before a release...  however, documentation and self
tests still need to be written; I'll try to work on this now.

/Simon


