[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: CVE-2009-3555 not addressed in OpenSSL

On 10/21/2010 06:40 AM, Simon Josefsson wrote:

The new API to query whether the extension is negotiated or not is also
needed, but that shouldn't cause any problems as far as I can see.  A
binary using the new API wouldn't work with the original gnutls in
stable, though, but I think that is an acceptable price?

Even if you didn't add the new API, the protocol-level functionality would be improved.

So even if the decision to introduce a new API on an old interface represents a trade-off of risk vs functionality, it is not an argument against adding protocol support for RFC 5746 (which does not suggest the new API is needed for its implementation).

- Marsh

Reply to: