Re: Another renegotiation patch
From: Tomas Hoger
Subject: Re: Another renegotiation patch
Date: Thu, 25 Feb 2010 11:38:17 +0100

On Wed, 24 Feb 2010 17:06:48 +0100 Tomas Hoger <address@hidden>
wrote:
> It also adds HANDSHAKE_FAILURE alert for unsafe initial negotiation
> (client), which is required by RFC 5746, 4.1. Though I'm wondering if
> this is the right place to generate this alert. If gnutls-serv
> refuses initial connection from the unpatched client,
> HANDSHAKE_FAILURE alert is generated, but it's from application
> rather than library. Should those alerts be generated by
> applications or library?

Related to this... gnutls-cli currently does not break connection and
exit when handshake error occurs during server-requested renegotiation
(check_rehandshake() only prints rehandshake result).

This can be tested as:

$ gnutls-cli -p 666 ssltls.de
...
- Simple Client Mode:
GET /otherciphers/ HTTP/1.0
*** Non fatal error: Rehandshake was requested by the peer.
*** Received rehandshake request
*** Fatal error: Safe renegotiation failed.
*** Rehandshake Failed.

No handshake_failure alert is sent, connection is not terminated.
th.
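
Added example, not part of the original message and not GnuTLS code: a model of the client-side handling the message finds missing, where a fatal failure of a server-requested rehandshake sends a fatal handshake_failure alert and closes the connection. The tls_ops shim, the result codes and the mock session are hypothetical names constructed for this example; a real client would back them with calls such as gnutls_handshake() and gnutls_alert_send().

```c
#include <stdbool.h>
#include <stddef.h>

/* Hypothetical result codes; a real client would map library errors onto them. */
enum tls_result { TLS_OK, TLS_RETRY, TLS_FATAL };

/* Hypothetical shim over the TLS library (cf. gnutls_handshake, gnutls_alert_send). */
struct tls_ops {
    enum tls_result (*handshake)(void *ctx);
    void (*send_fatal_handshake_failure)(void *ctx);
    void (*close_transport)(void *ctx);
};

/* Called when the peer requests a rehandshake.
 * Returns true if the session may continue, false if it was torn down. */
bool on_rehandshake_request(const struct tls_ops *ops, void *ctx)
{
    enum tls_result rc;
    do {
        rc = ops->handshake(ctx);          /* retry only on non-fatal results */
    } while (rc == TLS_RETRY);
    if (rc == TLS_OK)
        return true;
    /* Fatal failure (e.g. safe renegotiation failed): alert the peer, then
     * terminate instead of only reporting the result and carrying on. */
    ops->send_fatal_handshake_failure(ctx);
    ops->close_transport(ctx);
    return false;
}

/* Constructed mock session: replays a scripted list of handshake results. */
struct mock { const enum tls_result *script; size_t pos; int alerts; int closed; };

static enum tls_result mock_handshake(void *c) { struct mock *m = c; return m->script[m->pos++]; }
static void mock_alert(void *c) { ((struct mock *)c)->alerts++; }
static void mock_close(void *c) { ((struct mock *)c)->closed++; }

const struct tls_ops mock_ops = { mock_handshake, mock_alert, mock_close };
```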