Asking my question again to those who know:
Is there currently a way in GnuTLS to disable renegotiation on TLS, and a way to
disable client-initiated secure renegotiation?
The option of disabling renegotiation is mentioned in RFC 5746:
RFC5746: "TLS implementations SHOULD provide a mechanism to disable and enable
renegotiation."
RFC5746: "Many servers can mitigate this attack simply by refusing to
renegotiate at all."
For this to work, developers and/or users need to be able to refuse client-
initiated renegotiation.
A user-configurable implementation could have:
%DISABLE_RENEGOTIATION
%DISABLE_CLIENT_RENEGOTIATION
I am aware of the option to disable safe renegotiation. That seems to be
limited to disabling safe renegotiation, which would likely leave the server
vulnerable.
Thanks!
_______________________________________________
Gnutls-help mailing list
[email protected]
http://lists.gnupg.org/mailman/listinfo/gnutls-help