On Tue, May 25, 2010 at 11:06 AM, Marsh Ray <ma...@extendedsubset.com> wrote:
>
> But by that logic, the client should refuse to handshake at all with a
> non-RFC-5746 server. (In reality that eventually needs to become the
> default behavior).

I agree. A strict client should refuse an initial handshake with a legacy server. If a client is willing to perform an initial handshake with a legacy server, it should also be willing to perform a renegotiation initiated by that server.

To answer Matt's original question: yes, it is intended to throw a roadblock into the use of vulnerable servers to force them to upgrade. I believe another rationale is that a legacy server can also be made not vulnerable by disabling renegotiations, so if a legacy server initiates a renegotiation, it is definitely vulnerable.

> I suspect that some of the "security.ssl.*" parameters may equally apply
> to server-side uses of NSS, in which case it is clearly a useful mitigation.

Those parameters are Mozilla client preferences. None of the Mozilla clients (Firefox, Thunderbird, etc.) act as SSL servers.

Wan-Teh

--
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto
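The exchange discussed in this thread, as an added illustration that is not part of the message above and is not NSS, Mozilla or OpenSSL code: a small Python simulation of the RFC 5746 renegotiation_info extension (empty on the initial handshake, the previous Finished verify_data on renegotiation, sections 3.5 and 3.6 of the RFC) together with the three client policies the thread distinguishes: refusing any handshake with a non-RFC-5746 server, accepting the initial handshake but refusing a renegotiation initiated by a legacy server, and accepting both. The ClientPolicy names and the verify_data values are constructed for the example; a legacy server is modelled as sending no extension at all.

```python
"""Simulation of RFC 5746 renegotiation_info checks and of the client policies
discussed in the thread. Example code only; verify_data values are constructed
placeholders, not real TLS Finished hashes."""
import os
from enum import Enum

VERIFY_DATA_LEN = 12  # size of verify_data in a TLS 1.0-1.2 Finished message


class ClientPolicy(Enum):
    # hypothetical policy names used only by this example
    STRICT = "refuse any handshake with a non-RFC-5746 server"
    BLOCK_LEGACY_RENEGO = "accept initial handshake, refuse renegotiation by a legacy server"
    PERMISSIVE = "accept the initial handshake and any later renegotiation"


def client_renegotiation_info(prev_client_vd):
    """Payload the client puts in its renegotiation_info extension (RFC 5746 3.5):
    empty on the initial handshake, the previous client_verify_data on renegotiation."""
    return b"" if prev_client_vd is None else prev_client_vd


def server_renegotiation_info(server_supports_rfc5746, prev_client_vd, prev_server_vd):
    """Payload the server returns (RFC 5746 3.6). A legacy server sends no
    extension at all, modelled here as None."""
    if not server_supports_rfc5746:
        return None
    if prev_client_vd is None:
        return b""
    return prev_client_vd + prev_server_vd


def check_server_hello(ext, prev_client_vd, prev_server_vd):
    """Client-side verification of the server's renegotiation_info (RFC 5746 3.5).
    True only if the extension is present and carries exactly the expected bytes,
    so a renegotiation spliced onto a different connection fails the check."""
    if ext is None:
        return False                                     # legacy server: no extension
    if prev_client_vd is None:
        return ext == b""                                # initial handshake: must be empty
    return ext == prev_client_vd + prev_server_vd        # renegotiation: both verify_data


def negotiate(policy, server_supports_rfc5746):
    """Simulate an initial handshake followed by a server-initiated renegotiation.
    Returns (initial_accepted, renegotiation_accepted)."""
    if not server_supports_rfc5746 and policy is ClientPolicy.STRICT:
        return (False, False)
    ext = server_renegotiation_info(server_supports_rfc5746, None, None)
    if server_supports_rfc5746 and not check_server_hello(ext, None, None):
        return (False, False)
    # constructed verify_data of the Finished messages that ended the first handshake
    client_vd = os.urandom(VERIFY_DATA_LEN)
    server_vd = os.urandom(VERIFY_DATA_LEN)
    # the server now sends HelloRequest to start a renegotiation
    if not server_supports_rfc5746:
        # no extension will come back; only the permissive client proceeds
        return (True, policy is ClientPolicy.PERMISSIVE)
    ext = server_renegotiation_info(True, client_vd, server_vd)
    return (True, check_server_hello(ext, client_vd, server_vd))


if __name__ == "__main__":
    for policy in ClientPolicy:
        for supported in (True, False):
            print(policy.name, "rfc5746_server" if supported else "legacy_server",
                  negotiate(policy, supported))
```

Running the block prints, for each policy, whether the initial handshake and the server-initiated renegotiation go ahead against an RFC 5746 server and against a legacy server; the check_server_hello function is where a mismatching verify_data (the renegotiation splice the extension was designed to stop) is rejected.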