Fix for the TLS renegotiation bug - mozilla.dev.tech.crypto

The old Google Groups will be going away soon, but your browser is incompatible with the new version.

« Groups Home

mozilla.dev.tech.crypto

Discussions

+ new post

About this group

Subscribe to this group

This is a Usenet group - learn more

Message from discussion Fix for the TLS renegotiation bug

Eddy Nigg

View profile

More options Feb 18 2010, 7:43 am

Newsgroups: mozilla.dev.tech.crypto

From: Eddy Nigg <eddy_n...@startcom.org>

Date: Thu, 18 Feb 2010 14:43:15 +0200

Local: Thurs, Feb 18 2010 7:43 am

Subject: Re: Fix for the TLS renegotiation bug

Print | View thread | Show original | Report this message | Find messages by this author

On 02/18/2010 02:37 PM, Kai Engert:

> Eddy, describing the solution in more detail:

> - configure secure.startcom.com to never request client auth

> - configure authent.secure.startcom.com to always request client auth

> This avoids having to renegotiate, because the require authentication
> level is set during the initial handshake to the server.

> This requires that you split your content into two separate servers,
> jump to authent.secure.startcom as soon as a user wishes to use a
> cert, and remain at secure.startcom while you don't need the user to
> be authenticated.

OK, now I got it...indeed an interesting approach. Why haven't I thought
about this myself? ;-)

I'll check it out and have some tests going...

--
Regards

Signer: Eddy Nigg, StartCom Ltd.
XMPP: start...@startcom.org
Blog: http://blog.startcom.org/
Twitter: http://twitter.com/eddy_nigg

Create a group - Google Groups - Google Home - Terms of Service - Privacy Policy

Account Options