gnutls-devel

Re: safe renegotiation bug?


From: Nikos Mavrogiannopoulos
Subject: Re: safe renegotiation bug?
Date: Mon, 31 May 2010 20:40:03 +0200
User-agent: Thunderbird 2.0.0.24 (X11/20100411)

Simon Josefsson wrote:

>   GnuTLS supports the safe renegotiation extension.  The default
>   behavior is as follows.  Clients will attempt to negotiate the safe
>   renegotiation extension when talking to servers.  Servers will accept
>   the extension when presented by clients.  Clients and servers will
>   permit an initial handshake to complete even when the other side does
>   not support the safe renegotiation extension.  Clients and servers
>   will refuse renegotiation attempts when the extension has not been
>   negotiated.
> 
> I don't think that is (especially last sentence) what is implemented
> now.  I would prefer to implement what is described in that text
> (because it seems to make sense to me), but we could change the text to
> match what is implemented (more relaxed approach).

I'd prefer to keep the current behavior because it allows clients to
have maximum compatibility when %UNSAFE_RENEGOTIATION is specified,
which was my purpose for it. Maybe some other flag could be introduced
such as %INITIAL_UNSAFE_RENEGOTIATION, but this can happen at any point
later.

regards,
Nikos


