Re: TLS renegotiation MITM

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS renegotiation MITM

From:	Simon Josefsson
Subject:	Re: TLS renegotiation MITM
Date:	Fri, 06 Nov 2009 12:38:24 +0100
User-agent:	Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Steve Dispensa <address@hidden> writes:

> Hi,
>
> A colleague and I have released details of a new attack against TLS in the
> area of renegotiation. Information is here:
>
> http://extendedsubset.com/?p=8
>
> During the process of running this bug (and its proposed solution) to
> ground, I implemented a patch to GNUTLS, attached. There are also two new
> files that implement the extension that solves the problem.
>
> There is lots of background in the above link, but the one missing part is
> the Internet Draft that has been tentatively agreed on by most of the major
> vendors (pending IETF action, of course). That draft is what I have
> implemented, and you should see it posted to the TLS IETF list tomorrow
> morning.
>
> I'd be happy to help in any way I can.

What GnuTLS version is your patch for?  We haven't used a configure.in
file in a long time.  Would you mind reworking it for GnuTLS 2.8.x
and/or 2.9.x?  Those are the latest stable and experimental branches.

Once the copyright paper issue has been resolved, we could integrate it.

/Simon

[Prev in Thread]

Current Thread

[Next in Thread]

TLS renegotiation MITM, Steve Dispensa, 2009/11/04
- Re: TLS renegotiation MITM, Nikos Mavrogiannopoulos, 2009/11/05
  - Re: TLS renegotiation MITM, Steve Dispensa, 2009/11/05
- Re: TLS renegotiation MITM, Simon Josefsson <=
  - Re: TLS renegotiation MITM, Steve Dispensa, 2009/11/06
    - Re: TLS renegotiation MITM, Simon Josefsson, 2009/11/06

Prev by Date: Re: Running "make check" under valgrind
Next by Date: Re: TLS renegotiation MITM
Previous by thread: Re: TLS renegotiation MITM
Next by thread: Re: TLS renegotiation MITM
Index(es):
- Date
- Thread