gnutls-devel

Re: safe renegotiation in client side


From: Nikos Mavrogiannopoulos
Subject: Re: safe renegotiation in client side
Date: Tue, 16 Mar 2010 15:48:06 +0100

On Tue, Mar 16, 2010 at 1:02 PM, Simon Josefsson <address@hidden> wrote:

> I'll do some experiments with 2.9.10 on my machine... maybe best to get
> a release out first though.

At least on my system I couldn't do basic stuff (use svn over ssl) and
couldn't find any fix for those (except changing gnutls). I no longer
use openldap to log in to my system, but I remember this also doesn't
provide access to priority strings, which would also cause a denial of
service. I'm also leaning towards having the first releases without
enforced safe renegotiation and enforcing it at a later time that does
not cause more trouble than it solves.

Debug strings warning about that are now being printed via the gnutls
logging, but are not visible in most applications (and even if they
were, they might not offer any information to a typical user since they
will be issued for almost every server today). What we can do is add a
warning in gnutls-cli if the server does not support safe
renegotiation? (gnutls-cli-debug can also detect that).

regards,
Nikos
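
The kind of check the message proposes (warn when the server does not support safe renegotiation), as an added example that is not part of the original message and is not GnuTLS code. It assumes an initial-handshake TLS 1.0-1.2 ServerHello and the RFC 5746 renegotiation_info extension; the helper name, the warning text and the sample bytes are constructed for illustration.

```c
#include <stdio.h>

#define EXT_RENEGOTIATION_INFO 0xff01   /* RFC 5746 extension type */

/* Constructed samples: handshake header, version 3.1, all-zero random,
 * empty session id, cipher 0x002f, null compression. */
static const unsigned char HELLO_PLAIN[42] = {      /* no extensions */
    0x02, 0, 0, 0x26, 0x03, 0x01, [38] = 0x00, 0x00, 0x2f, 0x00 };
static const unsigned char HELLO_SAFE[49] = {       /* renegotiation_info */
    0x02, 0, 0, 0x2d, 0x03, 0x01, [38] = 0x00, 0x00, 0x2f, 0x00,
    0x00, 0x05, 0xff, 0x01, 0x00, 0x01, 0x00 };

/* Hypothetical helper: 1 = server signalled safe renegotiation,
 * 0 = it did not, -1 = malformed ServerHello. */
int server_hello_safe_reneg(const unsigned char *m, size_t len)
{
    size_t p = 4 + 2 + 32, body_end, ext_end;  /* header, version, random */
    if (len < 4 || m[0] != 0x02)               /* 0x02 = server_hello */
        return -1;
    body_end = 4 + (((size_t)m[1] << 16) | ((size_t)m[2] << 8) | m[3]);
    if (body_end > len || p + 1 > body_end)
        return -1;
    p += 1 + m[p] + 2 + 1;       /* session id, cipher suite, compression */
    if (p == body_end)
        return 0;                /* no extensions block at all */
    if (p + 2 > body_end)
        return -1;
    ext_end = p + 2 + (((size_t)m[p] << 8) | m[p + 1]);
    if (ext_end != body_end)
        return -1;
    for (p += 2; p + 4 <= ext_end; ) {
        unsigned type = ((unsigned)m[p] << 8) | m[p + 1];
        size_t elen = ((size_t)m[p + 2] << 8) | m[p + 3];
        p += 4;
        if (elen > ext_end - p)
            return -1;
        if (type == EXT_RENEGOTIATION_INFO)    /* initial handshake: must be empty */
            return (elen == 1 && m[p] == 0) ? 1 : -1;
        p += elen;
    }
    return p == ext_end ? 0 : -1;
}

int main(void)
{
    if (server_hello_safe_reneg(HELLO_PLAIN, sizeof HELLO_PLAIN) != 1)
        puts("warning: server does not support safe renegotiation");
    return 0;
}
```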



