On 01/18/2013 11:04 AM, Alfredo Pironti wrote: > Hi, > > One issue I see, is what happen to the buffered data if a > (re)handshake takes place. Potentially, this changes the ciphersuite > and the peer's identity. Safe renegotiation ensures the next > ciphersuite and peer's identity have been negotiated with the previous > peer, but the application may not want to send the remaining buffered > data to the new peer with the new (potentially less secure) > ciphersuite.
Indeed, the higher level functions should either prohibit rehandshake, or only allow it when safe renegotiation is supported by both. About a potentially less secure ciphersuite, I think that the actual security level of the session is set by the initial priority string. That is, the weakest algorithm in that list should be assumed to be the security level. A renegotiation couldn't reduce that level. regards, Nikos _______________________________________________ Gnutls-help mailing list [email protected] http://lists.gnupg.org/mailman/listinfo/gnutls-help
