[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TLS Renegotiation problem
|
From: |
Tomas Hoger |
|
Subject: |
Re: TLS Renegotiation problem |
|
Date: |
Tue, 10 Nov 2009 14:22:16 +0100 |
On Tue, Nov 10, 2009 at 12:29:04PM +0100, Simon Josefsson wrote:
> If the servers are linked with OpenSSL I don't know if they are
> vulnerable or not, it would depend on whether OpenSSL perform
> renegotiation without application interaction.
OpenSSL and NSS both do renegotiation transparently for application.
> I think we now have some evidence to suggest GnuTLS needn't do anything
> about this. It seems any use of rehandshake with GnuTLS is
> application-specific and then the answer is probably to fix that
> application instead of GnuTLS.
Is that meant as meant as "no change needed" or "no urgent temporary hotfix
needed"? Is the implementation of the proposed extension still the
long-term plan, so that apps needing rehandshakes can do them safely?
Thanks!
th.
- TLS Renegotiation problem, Simon Josefsson, 2009/11/09
- Re: TLS Renegotiation problem, Daniel Kahn Gillmor, 2009/11/09
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Message not available
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Re: TLS Renegotiation problem,
Tomas Hoger <=
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Re: TLS Renegotiation problem, Florian Weimer, 2009/11/10
- Re: TLS Renegotiation problem, Tomas Hoger, 2009/11/11
- Message not available
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/17
- Re: TLS Renegotiation problem, Tomas Hoger, 2009/11/18