gnutls-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: safe renegotiation bug?


From: Nikos Mavrogiannopoulos
Subject: Re: safe renegotiation bug?
Date: Fri, 28 May 2010 09:31:32 +0200
User-agent: Thunderbird 2.0.0.24 (X11/20100411)

Simon Josefsson wrote:

>>>> Should be ok now. I get aborts in the srn5 but they seem intended?
>>> I fixed that now -- however it seems there is another problem, now the
>>> rehandshake succeeds against a server that doesn't support safe
>>> renegotiation.  The second handshake in srn5 should fail, shouldn't it?
>> By default server is on unsafe renegotiation mode and doesn't require
>> any of the extensions, either on the first or subsequent negotiations.
>> Disallowing rengotiations after this point for the client shouldn't
>> offer any advantage since you are already connected securely to a peer.
> 
> But this self tests is with a server that has safe renegotiation
> disabled, see tests/safe-renegotiation/srn5.c.
> 
> The client by default permits connections, but I don't think clients
> should (by default) allow renegotiation against such servers.

Why?



reply via email to

[Prev in Thread] Current Thread [Next in Thread]