Re: safe renegotiation

gnutls-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: safe renegotiation

From:	Nikos Mavrogiannopoulos
Subject:	Re: safe renegotiation
Date:	Tue, 18 May 2010 21:34:41 +0200
User-agent:	Thunderbird 2.0.0.24 (X11/20100411)

Simon Josefsson wrote:

> 
>> If people notice that no clients can connect on their servers will
>> either install an older version of gnutls that "works" or just go to
>> mod_ssl. Moreover it is problematic in the sense that an administrator
>> might not detect at all that his site is inaccessible and only find
>> out after losing customers or so. I think that fixing a security issue
>> but as a side-effect causing serious issues in interoperability with
>> old software is a recipe for people to move out of your software
>> (intel never managed to get rid of x86, and I don't think we can
>> afford it).
>>
>> Let's be conservative and wait. This issue proved not to be that
>> important in the internet (not many people upgraded because of this).
> 
> According to Tomas, OpenSSL protect against this.  If that is the case,
> I think the answer is simple: we should do the same.

I've commited a patch that does that in git.

regards,
Nikos

[Prev in Thread]

Current Thread

[Next in Thread]

Re: safe renegotiation, Nikos Mavrogiannopoulos <=
- Re: safe renegotiation, Simon Josefsson, 2010/05/22

Prev by Date: Re: gnutls 2.9.10 breaks exim4 TLS (Denying unsafe (re)negotiation.)
Next by Date: can't catch gnutls::exception
Previous by thread: initial PKCS #11 support
Next by thread: Re: safe renegotiation
Index(es):
- Date
- Thread