Re: [TLS] SSL Renegotiation DOS

Dr Stephen Henson <lists@drh-consultancy.demon.co.uk> Tue, 15 March 2011 15:48 UTC

Return-Path: <lists@drh-consultancy.demon.co.uk>
X-Original-To: tls@core3.amsl.com
Delivered-To: tls@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 377343A6E25 for <tls@core3.amsl.com>; Tue, 15 Mar 2011 08:48:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.384
X-Spam-Level:
X-Spam-Status: No, score=-2.384 tagged_above=-999 required=5 tests=[AWL=0.215, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id X--r1hfRSwoU for <tls@core3.amsl.com>; Tue, 15 Mar 2011 08:48:02 -0700 (PDT)
Received: from claranet-outbound-smtp04.uk.clara.net (claranet-outbound-smtp04.uk.clara.net [195.8.89.37]) by core3.amsl.com (Postfix) with ESMTP id 9ACA23A6E21 for <tls@ietf.org>; Tue, 15 Mar 2011 08:48:02 -0700 (PDT)
Received: from drh-consultancy.demon.co.uk ([80.177.30.10]:65520 helo=[192.168.7.8]) by relay04.mail.eu.clara.net (relay.clara.net [213.253.3.44]:10587) with esmtpa (authdaemon_plain:drh) id 1PzWUw-0000Rh-De for tls@ietf.org (return-path <lists@drh-consultancy.demon.co.uk>); Tue, 15 Mar 2011 15:49:26 +0000
Message-ID: <4D7F8A91.7030109@drh-consultancy.demon.co.uk>
Date: Tue, 15 Mar 2011 15:49:37 +0000
From: Dr Stephen Henson <lists@drh-consultancy.demon.co.uk>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.0; en-GB; rv:1.9.2.15) Gecko/20110303 Thunderbird/3.1.9
MIME-Version: 1.0
To: tls@ietf.org
References: <AANLkTin2i3+K8oV68pZFJ0xabjEugJLePyZTTaZSr0VE@mail.gmail.com> <AANLkTimVvBOdX9JNXE+JyZS5vTHsXnfhQMAH2cTgTRfM@mail.gmail.com> <0F7F9A82BB0DBB4396A9F8386D0E061206623016@pos-exch1.corp.positivenetworks.net> <20110315153943.GA10156@redhat.com>
In-Reply-To: <20110315153943.GA10156@redhat.com>
X-Enigmail-Version: 1.1.1
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Subject: Re: [TLS] SSL Renegotiation DOS
X-BeenThere: tls@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: "This is the mailing list for the Transport Layer Security working group of the IETF." <tls.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/tls>
List-Post: <mailto:tls@ietf.org>
List-Help: <mailto:tls-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/tls>, <mailto:tls-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 15 Mar 2011 15:48:04 -0000

On 15/03/2011 15:39, Joe Orton wrote:
> 
> I recall a complaint that some mobile browser was known to initiate 
> renegs, but I can't find a reference for that; it might have been 
> off-line discussion.  I'd be interested to hear any further data on 
> that.
> 

It was mentioned in the openssl-dev list a couple of times. The title was
"Renegotiation denied wrong?" around Nov 23rd 2009.

Steve.	
-- 
Dr Stephen N. Henson.
Core developer of the   OpenSSL project: http://www.openssl.org/
Freelance consultant see: http://www.drh-consultancy.co.uk/
Email: shenson@drh-consultancy.co.uk, PGP key: via homepage.