Re: TLS renegotiation MITM

From: Simon Josefsson
Subject: Re: TLS renegotiation MITM
Date: Fri, 06 Nov 2009 16:50:17 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

"Steve Dispensa" <address@hidden> writes:

> Glad to. What's the best git tree? I thought I had the right one based
> on the site.

What link did you find on our site?  I created a new page at with some information.


> Thanks.
>  -Steve
> On Nov 6, 2009, at 5:36 AM, "Simon Josefsson" <address@hidden>
> wrote:
>> Steve Dispensa <address@hidden> writes:
>>> Hi,
>>> A colleague and I have released details of a new attack against TLS in the
>>> area of renegotiation. Information is here:
>>> During the process of running this bug (and its proposed solution) to
>>> ground, I implemented a patch to GNUTLS, attached. There are also two new
>>> files that implement the extension that solves the problem.
>>> There is lots of background in the above link, but the one missing part is
>>> the Internet Draft that has been tentatively agreed on by most of the major
>>> vendors (pending IETF action, of course). That draft is what I have
>>> implemented, and you should see it posted to the TLS IETF list tomorrow
>>> morning.
>>> I'd be happy to help in any way I can.
>> What GnuTLS version is your patch for?  We haven't used a
>> file in a long time.  Would you mind reworking it for GnuTLS 2.8.x
>> and/or 2.9.x?  Those are the latest stable and experimental branches.
>> Once the copyright paper issue has been resolved, we could integrate
>> it.
>> /Simon
