[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS renegotiation MITM

From: Simon Josefsson
Subject: Re: TLS renegotiation MITM
Date: Fri, 06 Nov 2009 12:38:24 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Steve Dispensa <address@hidden> writes:

> Hi,
> A colleague and I have released details of a new attack against TLS in the
> area of renegotiation. Information is here:
> During the process of running this bug (and its proposed solution) to
> ground, I implemented a patch to GNUTLS, attached. There are also two new
> files that implement the extension that solves the problem.
> There is lots of background in the above link, but the one missing part is
> the Internet Draft that has been tentatively agreed on by most of the major
> vendors (pending IETF action, of course). That draft is what I have
> implemented, and you should see it posted to the TLS IETF list tomorrow
> morning.
> I'd be happy to help in any way I can.

What GnuTLS version is your patch for?  We haven't used a
file in a long time.  Would you mind reworking it for GnuTLS 2.8.x
and/or 2.9.x?  Those are the latest stable and experimental branches.

Once the copyright paper issue has been resolved, we could integrate it.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]