Simon Josefsson <[email protected]> writes: > For example, the mod_gnutls Apache plugin does not support renegotiation > so there is no problem with it (this was the main case that I were > concerned with):
Other servers that use GnuTLS is Exim4 and GNU Mailutils. I checked the sources and cannot find any place where they performs TLS renegotiation. So as far as I can tell, they are safe too. (Of course, this assume that it is even possible to exploit this problem with SMTP/IMAP/POP3 which I haven't seen explained yet.) What other popular servers use GnuTLS? Is there _any_ GnuTLS server that is vulnerable? Not even our gnutls-serv appears to support renegotiation as far as I can tell. /Simon _______________________________________________ Help-gnutls mailing list [email protected] http://lists.gnu.org/mailman/listinfo/help-gnutls
