gnutls-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: safe renegotiation bug?

From: Nikos Mavrogiannopoulos
Subject: Re: safe renegotiation bug?
Date: Sun, 23 May 2010 00:31:15 +0200
User-agent: Thunderbird 2.0.0.24 (X11/20100411) 
Simon Josefsson wrote:
> Nikos Mavrogiannopoulos <address@hidden> writes:
> 
>> Simon Josefsson wrote:
>>> I have added tests/safe-renegotiation/srn5.c in which a client with
>>> support for safe reneg connect to a server without support for safe
>>> reneg.  The handshake succeeds (as expected), however the call to
>>> gnutls_safe_renegotiation_status in the server, after the handshake,
>>> indicates that the session is using safe renegotiation -- this seems
>>> like a bug to me.  Nikos/Steve, could you take a look?
>> Should be ok now. I get aborts in the srn5 but they seem intended?
> 
> I fixed that now -- however it seems there is another problem, now the
> rehandshake succeeds against a server that doesn't support safe
> renegotiation.  The second handshake in srn5 should fail, shouldn't it?

By default server is on unsafe renegotiation mode and doesn't require
any of the extensions, either on the first or subsequent negotiations.
Disallowing rengotiations after this point for the client shouldn't
offer any advantage since you are already connected securely to a peer.
The damage (for the client) is on the initial negotiation. But I might
be wrong. It's too late for me :)

regards,
Nikos
reply via email to
[Prev in Thread] Current Thread [Next in Thread]