tech-security archive


Re: TLS renegotiation



On Sun, Jul 04, 2010 at 07:30:30AM +0200, Emmanuel Dreyfus wrote:
> 
> Another problem is how to work around the workaround. As I understand, client
> certificate authentication requires renegotiation if it is not enabled
> server-wide: in that situation, the SSL handshake occurs, then the client
> requests a resource requiring client certificate, and the server starts a
> renegotiation so that the client can send its certificate.

This is, to say the least, a particularly obnoxious abuse of SSL's
renegotiation "feature".  It also simply won't work with a surprisingly
large number of clients, because many small SSL/TLS implementations never
implemented renegotiation at all.

Thor
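
One way to avoid the renegotiation described in the quoted message, as an added example that is not code from either poster: request the client certificate server-wide in the initial handshake, then decide per resource in the application. The protected prefixes and the sample certificate are constructed for illustration, and the path is assumed to be already URL-decoded.

```python
import posixpath
import ssl

# Hypothetical protected locations (assumption, not from the thread).
PROTECTED_PREFIXES = ("/admin", "/private")

def make_server_context(ca_file=None, cert_file=None, key_file=None):
    """Build a server context that asks every client for a certificate
    during the first handshake, so no later renegotiation is needed."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    # CERT_OPTIONAL: the certificate request is sent in the initial handshake;
    # clients without a certificate still connect, clients with an invalid
    # one fail the handshake.
    ctx.verify_mode = ssl.CERT_OPTIONAL
    # Where the OpenSSL build supports it, disable renegotiation entirely
    # for TLS 1.2 and earlier.
    if hasattr(ssl, "OP_NO_RENEGOTIATION"):
        ctx.options |= ssl.OP_NO_RENEGOTIATION
    if ca_file:
        ctx.load_verify_locations(cafile=ca_file)   # CAs trusted for client certs
    if cert_file:
        ctx.load_cert_chain(cert_file, key_file)    # the server's own identity
    return ctx

def needs_client_cert(path):
    """True if the (already URL-decoded) path is under a protected prefix."""
    # Collapse "//" and ".." so "/public/../admin/x" cannot dodge the check.
    p = posixpath.normpath("/" + path.lstrip("/"))
    return any(p == pre or p.startswith(pre + "/") for pre in PROTECTED_PREFIXES)

def authorize(path, peer_cert):
    """Return an HTTP status. peer_cert is the value of SSLSocket.getpeercert():
    None when the client sent no certificate, a dict when it sent a valid one."""
    if not needs_client_cert(path):
        return 200
    if not peer_cert:
        return 403   # refuse instead of renegotiating to ask for a certificate
    return 200

# Constructed sample of what getpeercert() returns for a verified client.
SAMPLE_CERT = {"subject": ((("commonName", "alice.example"),),)}

if __name__ == "__main__":
    ctx = make_server_context()
    print(ctx.verify_mode.name)
    for path, cert in [("/index.html", None), ("/admin/users", None),
                       ("/public/../admin/users", None), ("/admin/users", SAMPLE_CERT)]:
        print(path, authorize(path, cert))
```

The trade-off is that every client is prompted for a certificate at connection time, including those that only ever request unprotected resources.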

