Re: TLS Renegotiation problem
From: Tomas Hoger
Subject: Re: TLS Renegotiation problem
Date: Wed, 18 Nov 2009 19:28:52 +0100
On Tue, 17 Nov 2009 11:32:46 +0100 Simon Josefsson
<address@hidden> wrote:
> > In GnuTLS, rehandshaking needs to be done explicitly by servers when
> > they get the GNUTLS_E_REHANDSHAKE error back from
> > gnutls_record_recv. If servers don't call gnutls_handshake when
> > that happens, there is no problem. So people can check their
> > applications if they are vulnerable to this problem.
>
> For everyone's information, searching for "GNUTLS_E_REHANDSHAKE" in
> code is not sufficient: that only takes care of the situation
> where the local client reacts to a renegotiation request from the
> remote server.
>
> You also have to search for "gnutls_rehandshake" to take care of the
> situation where the local server initiates the renegotiation request.
I did a search for that in Red Hat Enterprise Linux sources and I've
not found anything using it. Google codesearch finds it in mod_gnutls
though. From a 30sec look, it may be using it in similar cases as
mod_ssl / mod_nss.
th.
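
An added example, not part of the original message and not code from GnuTLS or any project named in the thread: a source audit that covers both searches discussed above, reporting calls to gnutls_rehandshake (locally initiated renegotiation) and checks for GNUTLS_E_REHANDSHAKE, with a note on whether gnutls_handshake is called shortly after the check. The finding labels, the WINDOW heuristic and the sample sources are assumptions made for illustration.

```python
import re

# Comments and string literals are blanked so that a commented-out call or a
# log message does not count as a hit; newlines are kept for line numbers.
_SKIP = re.compile(r'/\*.*?\*/|//[^\n]*|"(?:\\.|[^"\\\n])*"', re.S)
_INITIATE = re.compile(r"\bgnutls_rehandshake\s*\(")
_REQUESTED = re.compile(r"\bGNUTLS_E_REHANDSHAKE\b")
_HANDSHAKE = re.compile(r"\bgnutls_handshake\s*\(")
WINDOW = 8  # assumption: lines after the error check searched for gnutls_handshake()

def audit(source):
    """Return (line_number, finding) pairs for one C source text."""
    code = _SKIP.sub(lambda m: re.sub(r"[^\n]", " ", m.group(0)), source)
    lines = code.split("\n")
    findings = []
    for no, line in enumerate(lines, 1):
        if _INITIATE.search(line):
            findings.append((no, "initiates-renegotiation"))
        if _REQUESTED.search(line):
            nearby = "\n".join(lines[no - 1:no - 1 + WINDOW])
            kind = ("rehandshakes-on-request" if _HANDSHAKE.search(nearby)
                    else "request-seen-no-handshake")
            findings.append((no, kind))
    return findings

# Constructed sample sources, not taken from any real project.
SAMPLE_SERVER = '''\
/* old code: gnutls_rehandshake(session); */
int need_client_cert(gnutls_session_t s) {
    gnutls_certificate_server_set_request(s, GNUTLS_CERT_REQUIRE);
    return gnutls_rehandshake(s);
}
'''
SAMPLE_LOOP = '''\
ret = gnutls_record_recv(s, buf, sizeof buf);
if (ret == GNUTLS_E_REHANDSHAKE) {
    log("peer sent GNUTLS_E_REHANDSHAKE");
    ret = gnutls_handshake(s);
}
'''
SAMPLE_IGNORE = '''\
ret = gnutls_record_recv(s, buf, sizeof buf);
if (ret == GNUTLS_E_REHANDSHAKE)
    continue;  // request ignored
'''

if __name__ == "__main__":
    for name in ("SAMPLE_SERVER", "SAMPLE_LOOP", "SAMPLE_IGNORE"):
        print(name, audit(globals()[name]))
```

The proximity check is a heuristic for triage only; each reported line still needs to be read in context.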