Simon Josefsson <[email protected]> writes:

> In GnuTLS, rehandshaking needs to be done explicitly by servers when
> they get the GNUTLS_E_REHANDSHAKE error back from gnutls_record_recv.
> If servers don't call gnutls_handshake when that happens, there is no
> problem. So people can check their applications if they are vulnerable
> to this problem.

For everyone's information, searching for "GNUTLS_E_REHANDSHAKE" in code is not sufficient: that only takes care of the situation where the local client reacts to a renegotiation request from the remote server. You also have to search for "gnutls_rehandshake" to take care of the situation where the local server initiates the renegotiation request.

I believe one still has to look carefully at each example to understand whether a particular instance is vulnerable or not: not all instances of TLS reneg appear vulnerable. For example, a server could make sure that before calling gnutls_rehandshake it reads all data coming from the client and performs input sanitizing on it because there is no guarantee that data comes from the same identity who performs the TLS rehandshake and sends more data later on.

/Simon

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
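
The two searches described in the message above, as an added example that is not part of the original post or of GnuTLS: a shell function that lists both kinds of renegotiation site in a C source tree so each hit can be reviewed by hand. The function names `audit_reneg` and `make_sample` and the sample source files are constructed for illustration.

```shell
#!/bin/sh
# Added example: list both kinds of TLS renegotiation site in a C tree.
# Hits are candidates only; each one still needs manual review.

# scan DIR ERE LABEL: print "LABEL  file:line:text" for every match.
scan() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' \) \
        -exec grep -nE "$2" /dev/null {} + | sed "s/^/$3  /"
}

audit_reneg() {
    # Local code reacting to a renegotiation request from the peer.
    scan "$1" '(^|[^A-Za-z0-9_])GNUTLS_E_REHANDSHAKE([^A-Za-z0-9_]|$)' \
        'reacts-to-request'
    # Local server initiating the renegotiation request itself.
    scan "$1" '(^|[^A-Za-z0-9_])gnutls_rehandshake[[:space:]]*\(' \
        'initiates-request'
    return 0
}

# Constructed sample sources (not taken from any real project).
make_sample() {
    cat > "$1/client.c" <<'EOF'
ret = gnutls_record_recv(session, buf, sizeof buf);
if (ret == GNUTLS_E_REHANDSHAKE)
    ret = gnutls_handshake(session);
EOF
    cat > "$1/server.c" <<'EOF'
ret = gnutls_rehandshake(session);
EOF
    # Similar-looking identifier that must not be reported.
    cat > "$1/wrapper.c" <<'EOF'
my_gnutls_rehandshake_stats(session);
EOF
}

sample=$(mktemp -d)
make_sample "$sample"
audit_reneg "$sample"
rm -rf "$sample"
```

Run `audit_reneg` against the application's own source directory; a match inside a comment is reported too, which is acceptable for a review list.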
