On Fri, Feb 26, 2010, Victor Duchovni wrote: > On Fri, Feb 26, 2010 at 02:45:19AM +0100, Dr. Stephen Henson wrote: > > > On Thu, Feb 25, 2010, Victor Duchovni wrote: > > > > > > > > If I field a patched server, and sufficiently many unpatched pre-0.9.8m > > > OpenSSL clients attempt re-negotiation under normal conditions, I have > > > a resource starvation problem and unhappy users who are more annoyed at > > > stuck connections than failed ones. > > > > > > > It would under normal circumstances (for some value of normal) require a > > specific request to renegotiate from the client code or setting of > > renegotiation values in an SSL BIO. I don't know how many clients do that: > > I suspect (and hope!) not many. > > In the not entirely rare case when servers dynamically request client > certs based on the requested URL (server triggers renegotiation > and asks for the initially not requested client certs), I assume there > is no "hanging" connection, as the renegotiation is server-initiated... >
By default if a patched server attempts to renegotiate with an unpatched client the connection fails with a fatal alert. The reasoning being the server doesn't realise that this makes it vulnerable to the MiTM attack. If legacy renegotiation is permissible then it succeeds. Steve. -- Dr Stephen N. Henson. OpenSSL project core developer. Commercial tech support now available see: http://www.openssl.org ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org