help-gnutls
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

TLS Renegotiation problem

From: Simon Josefsson
Subject: TLS Renegotiation problem
Date: Mon, 09 Nov 2009 16:19:50 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) 
As you may have heard, people how found out how to attack TLS as used in
many application protocols.  For more info see:

http://www.ietf.org/id/draft-rescorla-tls-renegotiation-00.txt
http://www.educatedguesswork.org/2009/11/understanding_the_tls_renegoti.html
http://extendedsubset.com/
http://www.imperialviolet.org/2009/11/05/tls-reneg.html

It is important to understand that you are not vulnerable unless you use
renegotiation, which is not typical.  If you use renegotiation, perhaps
to request client certificates in a web server, the simplest "fix" is to
disable any use of renegotiation.  You don't need to do this if your
application protocol is robust -- for example XMPP/Jabber appears to be
robust against the problem.  HTTPS is not robust.

There is work ongoing to specify a new extension to make TLS
renegotiation safe against this attack, and hopefully GnuTLS will
support it soon.  Patches have been published in
http://thread.gmane.org/gmane.comp.encryption.gpg.gnutls.devel/3944 but
not yet tested or verified, and the IETF/IANA has not allocated a TLS
extension number for it yet either.

/Simon
reply via email to
[Prev in Thread] Current Thread [Next in Thread]