On 2016-08-11 18:04:41 [+0200], Hubert Kario wrote:
> On Thursday, 11 August 2016 13:50:53 CEST Sebastian Andrzej Siewior wrote:
> > On 2016-08-11 11:34:24 [+0200], Hubert Kario wrote:
> > > it all depends on the environment, in some renegotiation is completely
> > > unnecessary (public HTTP
On Thursday, 11 August 2016 13:50:53 CEST Sebastian Andrzej Siewior wrote:
> On 2016-08-11 11:34:24 [+0200], Hubert Kario wrote:
> > it all depends on the environment, in some renegotiation is completely
> > unnecessary (public HTTP servers without client certificate based
> > authentication), in
On 2016-08-11 11:34:24 [+0200], Hubert Kario wrote:
> it all depends on the environment, in some renegotiation is completely
> unnecessary (public HTTP servers without client certificate based
> authentication), in others just client-initiated renegotiation is needed
> (typical configuration
On Tuesday, 9 August 2016 21:51:32 CEST Sebastian Andrzej Siewior wrote:
> On 2016-08-09 19:26:44 [+], Viktor Dukhovni wrote:
> > On Tue, Aug 09, 2016 at 09:18:58PM +0200, Sebastian Andrzej Siewior wrote:
> > > I don't really know what I am supposed to do with this information. Do
> > > you
On Mon, Aug 08, 2016 at 08:57:26PM +0200, Sebastian Andrzej Siewior wrote:
> This is a computation attack and unfortunately the way an SSL handshake
> works. I understand that this `feature' is part of the TLS specification
> and I am not trying to nuke from openssl. Instead I would like to
>