[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS Renegotiation problem

From: Simon Josefsson
Subject: Re: TLS Renegotiation problem
Date: Tue, 10 Nov 2009 12:29:04 +0100
User-agent: Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux)

Tomas Hoger <address@hidden> writes:

> On Tue, Nov 10, 2009 at 09:55:52AM +0100, Simon Josefsson wrote:
>> What other popular servers use GnuTLS?
> CUPS and libvirt(d).  No GNUTLS_E_REHANDSHAKE in their sources, client
> requested renegotiations seem to fail.

Thanks for checking.  So to summarize, so far the following servers
appears to not be affected by this problem when used with GnuTLS:


If the servers are linked with OpenSSL I don't know if they are
vulnerable or not, it would depend on whether OpenSSL perform
renegotiation without application interaction.  So make sure they are
linked to GnuTLS before declaring victory.

I think we now have some evidence to suggest GnuTLS needn't do anything
about this.  It seems any use of rehandshake with GnuTLS is
application-specific and then the answer is probably to fix that
application instead of GnuTLS.  Any more insight or thoughts on this is

What GnuTLS needs to do, though, is to have a discussion of the issue in
the manual where renegotiation is discussed, so application writers are
aware of the problem.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]