On Tue, Mar 16, 2010 at 1:02 PM, Simon Josefsson <[email protected]> wrote:
> I'll do some experiments with 2.9.10 on my machine... maybe best to get
> a release out first though.

At least in my system I couldn't do basic stuff (use svn over ssl) and couldn't find any fix for those (except changing gnutls). I no longer use openldap to log in to my system, but I remember this also doesn't provide access to priority strings, which would also cause a denial of service.

I'm also leaning towards having the first releases without enforced safe renegotiation and enforcing it at a later time that does not cause more trouble than it solves. Debug strings warning about that are now being printed via the gnutls logging, but are not visible in most applications (and even if they were, they might not offer any information to a typical user since they will be issued for almost every server today).

What we can do is add a warning on the gnutls-cli if the server does not support safe renegotiation? (gnutls-cli-debug can also detect that).

regards,
Nikos

_______________________________________________
Help-gnutls mailing list
[email protected]
http://lists.gnu.org/mailman/listinfo/help-gnutls
