[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: TLS Renegotiation problem

From: Tomas Hoger
Subject: Re: TLS Renegotiation problem
Date: Wed, 18 Nov 2009 19:28:52 +0100

On Tue, 17 Nov 2009 11:32:46 +0100 Simon Josefsson
<address@hidden> wrote:

> > In GnuTLS, rehandshaking needs to be done explicitly by servers when
> > they get the GNUTLS_E_REHANDSHAKE error back from
> > gnutls_record_recv. If servers don't call gnutls_handshake when
> > that happens, there is no problem.  So people can check their
> > applications if they are vulnerable to this problem.
> For everyone's information, searching for "GNUTLS_E_REHANDSHAKE" in
> code is not be sufficient: that only takes care of the situation
> where the local client reacts on a renegotiation request from the
> remote server.
> You also have to search for "gnutls_rehandshake" to take care of the
> situation where the local server initiates the renegotiation request.

I did a search for that in Red Hat Enterprise Linux sources and I've
not found anything using it.  Google codesearch finds it in mod_gnutls
though.  From a 30sec look, it may be using it in similar cases as
mod_ssl / mod_nss.


reply via email to

[Prev in Thread] Current Thread [Next in Thread]