httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Dirk-Willem van Gulik <di...@webweaving.org>
Subject Re: TLS renegotiation attack, mod_ssl and OpenSSL
Date Thu, 05 Nov 2009 22:03:39 GMT
Joe Orton wrote:

> * we can detect in mod_ssl when the client is renegotiating by using the
> callback installed using SSL_CTX_set_info_callback(), in conjunction
> with suitable flags in the SSLConnRec to detect the cases where this is
> either a server-initiated renegotiation or the initial handshake on the
> connection.

This seems to work for me - i.e. it calls back exactly when needed 
(rather than EAGAIN like break bubbling up in kernel_io.c) - and it 
_also_ seems to cover the other types of re-negotiation (i.e. other than 
for a Cert) which actually worry me a lot more.

For the record - this MiM can be done with _all_ type of 
(re)negotiations - for all parameters right ?

Thanks,

Dw.

Mime
View raw message