[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS Renegotiation problem

From: Simon Josefsson
Subject: Re: TLS Renegotiation problem
Date: Tue, 10 Nov 2009 09:55:52 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Simon Josefsson <address@hidden> writes:

> For example, the mod_gnutls Apache plugin does not support renegotiation
> so there is no problem with it (this was the main case that I were
> concerned with):

Other servers that use GnuTLS is Exim4 and GNU Mailutils.  I checked the
sources and cannot find any place where they performs TLS renegotiation.
So as far as I can tell, they are safe too.

(Of course, this assume that it is even possible to exploit this problem
with SMTP/IMAP/POP3 which I haven't seen explained yet.)

What other popular servers use GnuTLS?

Is there _any_ GnuTLS server that is vulnerable?  Not even our
gnutls-serv appears to support renegotiation as far as I can tell.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]