[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: safe renegotiation
|
From: |
Nikos Mavrogiannopoulos |
|
Subject: |
Re: safe renegotiation |
|
Date: |
Thu, 29 Apr 2010 11:02:14 +0200 |
On Thu, Apr 29, 2010 at 10:16 AM, Simon Josefsson <address@hidden> wrote:
> I've tested the safe renegotiation stuff a bit more, and I believe we
> could tweak the defaults to make them slightly more secure: let
> %SAFE_RENEGOTIATION be the default for servers.
>
> This means that servers will refuse to RE-negotiate against clients that
> does not support the extension.
[...]
> The odd package is mod_gnutls for Apache, but it exposes a priority
> string interface to the administrator, thus allowing them to override
> the behaviour easily -- however we should recommend that they don't,
> because it is really insecure.
This will actually harm mod_gnutls. Renegotiation is a common issue in
HTTPS (for upgrading authentication using a certificate for certain
locations). If people notice that no clients can connect on their
servers will either install an older version of gnutls that "works" or
just go to mod_ssl. Moreover it is problematic in the sense that an
administrator might not detect at all that his site is inaccessible
and only find out after losing customers or so. I think that fixing a
security issue but as a side-effect causing serious issues in
interoperability with old software is a recipe for people to move out
of your software (intel never managed to get rid of x86, and I don't
think we can afford it).
Let's be conservative and wait. This issue proved not to be that
important in the internet (not many people upgraded because of this).
regards,
Nikos
- safe renegotiation, Simon Josefsson, 2010/04/29
- Re: safe renegotiation,
Nikos Mavrogiannopoulos <=