I think it's pretty well understood at this point that 0.9.8l does the wrong thing when a client asks for a renegotiation (hangs the negotiation, basically). But it looks to me like 0.9.8-stable also gets it wrong.
AFAICT by code inspection 0.9.8-stable (yesterday's snapshot) sends a Fatal INVALID PARAMETER alert and ends the session. That seems wrong. I believe a Warning NO RENEGOTIATION alert should be sent, and if the client then wants to close, it can do so -- or not. The code now seems to disconnect clients in violation of the standard; is there really a security reason to do this? I started to implement this but then discovered that there's other code which suppresses any attempt to send the NO RENEGOTIATION alert (commented with "don't send :-)") -- what's with that? It seems like, though the quick implementation of the new renegotiation extension was very impressive, the handling of clients which try to do unsafe renegotiations is either still quite broken, or I am suffering from a serious misunderstanding of either the spec or the code. Could someone from the OpenSSL team please comment on this? Thor ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [email protected] Automated List Manager [email protected]
