[botan-devel] insecure renegotiation

Jack Lloyd jack.lloyd at gmail.com
Sat Jun 3 16:54:36 EDT 2017


On Sat, Jun 3, 2017 at 3:27 AM, Falko Strenzke <fstrenzke at cryptosource.de>
 wrote:

> Hi,
>
> I would like to report an observation about Botan's TLS implementation. I
> ran the following simple test: Botan's sample client connects to a TLS 1.2
> server which does not support secure renegotiation. I added output of the
> server's extensions in the hello request for clarity. When the client
> requests renegotiation, the following happens:
>
..

This looks to be due to a copy and paste bug in checking the server hello
during renegotiation (in Channel::secure_renegotiation_check(const
Server_Hello* server_hello)) - the client compares the secure renegotiation
flag in the new server hello with the secure renegotiation flag in the
original handshake's *client hello* (instead of the original server hello
as it should). Since the client always sends the flag in its initial hello,
it will subsequently reject any renegotiation of a server that doesn't
support secure renegotiation. Thanks for the report, I'll look at getting a
fix (and test) for this shortly.

-Jack
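
The comparison described in the reply above, as an added example that is not part of the original message and is not Botan's code. It is a simplified model: the `Hello` and `HandshakeState` structs and all function names are hypothetical, and the only assumption taken from the thread is that the client always sets the flag in its initial hello.

```cpp
#include <iostream>

// Hypothetical, simplified model (not Botan's types): a hello message is
// reduced to the single secure renegotiation flag the thread talks about.
struct Hello {
    bool secure_renegotiation;
};

// Hellos recorded from the original (already completed) handshake.
struct HandshakeState {
    Hello client_hello;
    Hello server_hello;
};

// Per the thread, the client always sends the flag in its initial hello.
HandshakeState initial_handshake(bool server_flag) {
    return HandshakeState{Hello{true}, Hello{server_flag}};
}

// Copy and paste bug: the new server hello is compared with the original
// *client* hello. Returns true when the renegotiation may continue.
bool reneg_check_buggy(const HandshakeState& active, const Hello& new_server_hello) {
    return active.client_hello.secure_renegotiation ==
           new_server_hello.secure_renegotiation;
}

// Intended check: the server must answer the same way it did originally.
bool reneg_check_fixed(const HandshakeState& active, const Hello& new_server_hello) {
    return active.server_hello.secure_renegotiation ==
           new_server_hello.secure_renegotiation;
}

int main() {
    std::cout << "orig_server new_server buggy fixed\n";
    for (bool orig : {false, true}) {
        for (bool renewed : {false, true}) {
            const HandshakeState active = initial_handshake(orig);
            const Hello new_hello{renewed};
            std::cout << orig << "           " << renewed << "          "
                      << reneg_check_buggy(active, new_hello) << "     "
                      << reneg_check_fixed(active, new_hello) << "\n";
        }
    }
    return 0;
}
```

In this model the two checks disagree only when the original server hello lacked the flag: the buggy form rejects a server that consistently omits it and accepts one that changes its answer between handshakes.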