Re: Banning TLS renegotiation
On Tue, Oct 03, 2017 at 11:32:56AM +0100, Richard W.M. Jones wrote:
> either qemu (client or server) nor nbdkit (server) implement this. I
This should say "_Neither_ qemu ..."
> didn't check other implementations in detail, but I would note that
> with GnuTLS renegotiation is *not* handled transparently. What
> happens is that any call to gnutls_record_recv can return
> GNUTLS_E_REHANDSHAKE and the peer must decide either to perform the
> handshake (calling gnutls_rehandshake[1]) or to drop the connection.
> So doing this would complicate the implementation of NBD clients and
> servers.

A couple of other points:

(1) Until recently TLS renegotiation had a security flaw. This has
since been patched in the protocol:

https://tools.ietf.org/html/rfc5746

(2) Even with that fix there is the problem that a client can issue
lots of renegotiation requests, causing the server to do lots of extra
work (much more than the client has to do) which is a mild DoS attack.
The recommendation is that you limit the number of renegotiations that
a client is allowed to do.

Rich.
--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
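
An added example, not part of the original message and not code from qemu, nbdkit or GnuTLS: one way a server could make the "handshake or drop" decision described above while limiting how many renegotiations a peer may request. The `reneg_budget` struct, `reneg_decide` function and the limits used are hypothetical; the GNUTLS_E_REHANDSHAKE value is copied from the GnuTLS header so the block builds without the library.

```c
#include <stdio.h>
#include <time.h>

/* Value of GNUTLS_E_REHANDSHAKE in <gnutls/gnutls.h>; defined here so the
   example builds without GnuTLS installed. */
#ifndef GNUTLS_E_REHANDSHAKE
#define GNUTLS_E_REHANDSHAKE (-37)
#endif

enum reneg_action { RENEG_NOT_REQUESTED, RENEG_ALLOW, RENEG_DROP };

/* Hypothetical per-connection state: not part of GnuTLS, qemu or nbdkit. */
struct reneg_budget {
    unsigned max_per_window;  /* 0 bans renegotiation outright */
    time_t window_secs;       /* length of the accounting window */
    time_t window_start;      /* when the current window began */
    unsigned used;            /* renegotiations allowed in this window */
};

/* Decide what to do with the return value of a record read.
   rc: value returned by gnutls_record_recv; now: current time. */
enum reneg_action reneg_decide(struct reneg_budget *b, long rc, time_t now)
{
    if (rc != GNUTLS_E_REHANDSHAKE)
        return RENEG_NOT_REQUESTED;   /* data or another error */
    if (now - b->window_start >= b->window_secs) {
        b->window_start = now;        /* start a fresh accounting window */
        b->used = 0;
    }
    if (b->used >= b->max_per_window)
        return RENEG_DROP;            /* over budget: close the connection */
    b->used++;
    return RENEG_ALLOW;               /* caller performs the handshake */
}

int main(void)
{
    /* Constructed sequence: one peer asks to renegotiate at these times. */
    struct reneg_budget b = { 2, 60, 0, 0 };
    time_t t[] = { 1, 2, 3, 70 };
    for (int i = 0; i < 4; i++)
        printf("t=%ld -> %d\n", (long)t[i],
               reneg_decide(&b, GNUTLS_E_REHANDSHAKE, t[i]));
    return 0;
}
```

Setting `max_per_window` to 0 gives the outright ban discussed in this thread.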