Tomas Hoger <[email protected]> writes:

> On Tue, Nov 10, 2009 at 09:55:52AM +0100, Simon Josefsson wrote:
>> What other popular servers use GnuTLS?
>
> CUPS and libvirt(d). No GNUTLS_E_REHANDSHAKE in their sources, client
> requested renegotiations seem to fail.

Thanks for checking. So to summarize, so far the following servers appear to not be affected by this problem when used with GnuTLS:

gnutls-serv
mod_gnutls
exim4
mailutils
CUPS
libvirtd

If the servers are linked with OpenSSL I don't know if they are vulnerable or not, it would depend on whether OpenSSL performs renegotiation without application interaction. So make sure they are linked to GnuTLS before declaring victory.

I think we now have some evidence to suggest GnuTLS needn't do anything about this. It seems any use of rehandshake with GnuTLS is application-specific and then the answer is probably to fix that application instead of GnuTLS.

Any more insight or thoughts on this is welcome.

What GnuTLS needs to do, though, is to have a discussion of the issue in the manual where renegotiation is discussed, so application writers are aware of the problem.

/Simon
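
The source check described in this thread (looking for GNUTLS_E_REHANDSHAKE in a server's sources) can be scripted; the following is an added example, not code from the thread or from GnuTLS. It is a text heuristic only: the verdict labels, the `WINDOW` size and the sample sources are constructed assumptions, and a "review" verdict means a person should read that code path.

```python
import re

# The three identifiers are real GnuTLS API names; verdict labels, WINDOW and
# the sample sources are constructed for this example.
REHANDSHAKE_ERR = re.compile(r"\bGNUTLS_E_REHANDSHAKE\b")
HANDSHAKE_CALL = re.compile(r"\bgnutls_handshake\s*\(")
SERVER_REQUEST = re.compile(r"\bgnutls_rehandshake\s*\(")
COMMENT = re.compile(r"/\*.*?\*/|//[^\n]*", re.S)
WINDOW = 12  # lines after the error check in which a handshake call counts

def strip_comments(src):
    # Blank out C comments but keep newlines so line numbers stay correct.
    return COMMENT.sub(lambda m: re.sub(r"[^\n]", " ", m.group()), src)

def audit_source(src):
    """Return (verdict, findings) for the text of one C source file."""
    lines = strip_comments(src).splitlines()
    findings = []
    for no, line in enumerate(lines, 1):
        if SERVER_REQUEST.search(line):
            findings.append((no, "server-requests-rehandshake"))
        if REHANDSHAKE_ERR.search(line):
            follow = "\n".join(lines[no - 1:no - 1 + WINDOW])
            honoured = HANDSHAKE_CALL.search(follow)
            findings.append((no, "honours-peer-rehandshake" if honoured
                             else "rehandshake-not-honoured"))
    if not findings:
        return "no-rehandshake-handling", findings
    risky = any(kind != "rehandshake-not-honoured" for _, kind in findings)
    return ("review-renegotiation" if risky else "rehandshake-not-honoured"), findings

# Constructed sample sources, not taken from any of the servers named above.
SAMPLE_PLAIN = "ret = gnutls_record_recv(session, buf, sizeof(buf));\n"
SAMPLE_HONOURS = """ret = gnutls_record_recv(session, buf, sizeof(buf));
if (ret == GNUTLS_E_REHANDSHAKE) {
    ret = gnutls_handshake(session);
}
"""
SAMPLE_IGNORES = """/* never call gnutls_handshake() from here */
if (ret == GNUTLS_E_REHANDSHAKE)
    continue;
"""

if __name__ == "__main__":
    for name in ("SAMPLE_PLAIN", "SAMPLE_HONOURS", "SAMPLE_IGNORES"):
        print(name, *audit_source(globals()[name]))
```
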
