[botan-devel] insecure renegotiation

Falko Strenzke fstrenzke at cryptosource.de
Sat Jun 3 03:27:56 EDT 2017


Hi,

I would like to report an observation about Botan's TLS implementation.
I ran the following simple test: Botan's sample client connects to a TLS
1.2 server which does not support secure renegotiation. I added output
of the server's extensions in the hello request for clarity. When the
client requests renegotiation, the following happens:

============

server_hello extension types:
Certificate validation status: Cannot establish trust
Handshake complete, TLS v1.2 using RSA_WITH_AES_128_CBC_SHA
Session ID 554ECECB8546861C826DCB4F26D3439A67274ECC9414D9FFC3C21E658D9A5003
R
Client initiated renegotiation
server_hello extension types:
Error: Server changed its mind about secure renegotiation
============

The client incorrectly seems to believe the server supports secure
renegotiation. This seems to err on the side of security, however.

Falko

-- 

cryptosource logo

Dr. Falko Strenzke
Dipl-Phys.
Geschäftsführer /
Managing Director

	cryptosource GmbH
Pallaswiesenstr. 182
64293 Darmstadt
Tel.: 	+49 (0) 6151 / 86 22 379
Fax.: 	+49 (0) 6151 / 786 65 80
Mobil.: 	+49 (0) 177 / 898 53 28

Email: fstrenzke at cryptosource.de <mailto:fstrenzke at cryptosource.de>
Internet: www.cryptosource.de <http://www.cryptosource.de>
	Geschäftsführer: Dr. Falko Strenzke
Unternehmenssitz: Darmstadt
Registergericht: Amtsgericht Darmstadt
Handelsregister-Nummer: HRB 93037
Umsatzsteuer-ID: DE294145062


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20170603/795994fb/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: logo.jpg
Type: image/jpeg
Size: 9937 bytes
Desc: not available
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20170603/795994fb/attachment-0001.jpg>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2938 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.randombit.net/pipermail/botan-devel/attachments/20170603/795994fb/attachment-0001.p7s>


More information about the botan-devel mailing list