[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: safe renegotiation bug?
From: |
Nikos Mavrogiannopoulos |
Subject: |
Re: safe renegotiation bug? |
Date: |
Tue, 1 Jun 2010 11:40:10 +0200 |
On Tue, Jun 1, 2010 at 11:10 AM, Simon Josefsson <address@hidden> wrote:
>>>> So which solution do you prefer?
>>>
>>> I'm not sure that is a good idea -- then there is no way to configure
>>> mod_gnutls to talk to anyone. People would need to use an older GnuTLS,
>>> or install mod_ssl or mod_nss instead to get that behaviour.
>>>
>>> However, we already have %INITIAL_SAFE_RENEGOTIATION so we already have
>>> four different priority strings. I think we could be feature complete
>>> with four different priority strings if we redesign things slightly:
>>>
>>> %DISABLE_SAFE_RENEGOTIATION: Disable the extension, permits unsafe
>>> (re-)handshakes.
>>>
>>> %SAFE_RENEGOTIATION: Enable extension and require it for all handshakes.
>>>
>>> %PARTIAL_RENEGOTIATION: Enable extension and require it on all
>>> re-handshakes but permit initial handshakes without it.
>>>
>>> %UNSAFE_RENEGOTIATION: Enable extension and permit all (re-)handshakes
>>> without extension.
>>>
>>> The default for both clients and servers would be
>>> %PARTIAL_RENEGOTIATION. We'll change the defaults to
>>> %SAFE_RENEGOTIATION in two years or so.
>>>
>>> What do you think about this approach?
>>
>> As a concept I agree... The only problem might be that
>> %PARTIAL_RENEGOTIATION might be misleading in client side because it
>> doesn't really protect from the https renegotiation attack, but this can
>> be made clear in the documentation. I'll try to check it today.
>
> Right, PARTIAL_RENEGOTIATION is the trade-off approach that is
> vulnerable to some attacks but at least allows interop to happen. I
> think we have some good warning material in the manual already for this.
> It would be great if you could make modifications to make this happen.
> I can update the self tests to make sure it is working as we want it to.
That would be great.
> Alas I'll be travelling in the next few days, but I'll have some
> connectivity and can do a 2.9.11 release
I'll try to have the code ready by tonight. Do the renegotiation self
tests cover all cases of the previously tests in bash?
regards,
Nikos