[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: TLS Renegotiation problem
From: |
Simon Josefsson |
Subject: |
Re: TLS Renegotiation problem |
Date: |
Tue, 10 Nov 2009 09:55:52 +0100 |
User-agent: |
Gnus/5.110011 (No Gnus v0.11) Emacs/23.1 (gnu/linux) |
Simon Josefsson <address@hidden> writes:
> For example, the mod_gnutls Apache plugin does not support renegotiation
> so there is no problem with it (this was the main case that I were
> concerned with):
Other servers that use GnuTLS is Exim4 and GNU Mailutils. I checked the
sources and cannot find any place where they performs TLS renegotiation.
So as far as I can tell, they are safe too.
(Of course, this assume that it is even possible to exploit this problem
with SMTP/IMAP/POP3 which I haven't seen explained yet.)
What other popular servers use GnuTLS?
Is there _any_ GnuTLS server that is vulnerable? Not even our
gnutls-serv appears to support renegotiation as far as I can tell.
/Simon
- TLS Renegotiation problem, Simon Josefsson, 2009/11/09
- Re: TLS Renegotiation problem, Daniel Kahn Gillmor, 2009/11/09
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Re: TLS Renegotiation problem,
Simon Josefsson <=
- Re: TLS Renegotiation problem, Tomas Hoger, 2009/11/12
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Re: TLS Renegotiation problem, Tomas Hoger, 2009/11/10
- Re: TLS Renegotiation problem, Steve Dispensa, 2009/11/10
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Re: TLS Renegotiation problem, Simon Josefsson, 2009/11/10
- Re: TLS Renegotiation problem, Florian Weimer, 2009/11/10
- Re: TLS Renegotiation problem, Steve Dispensa, 2009/11/10
- Re: TLS Renegotiation problem, Florian Weimer, 2009/11/10
- Re: TLS Renegotiation problem, Tomas Hoger, 2009/11/11