-
Notifications
You must be signed in to change notification settings - Fork 68
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
TLS renegotiation #3
Comments
bail out if the extension or ciphersuite is not present in the handshake. addresses #3
I actually believe this has been addressed enough:
I can think of the extension being send multiple times, but that shouldn't hurt anything (each of it must be correct). |
I am convinced this issue is also solved in our stack, but would love to have another pair of eyes reviewing. |
Stuff floated around in the meantime, but we do always send and check Looks legit. |
problem: a man in the middle might hand over a TLS session to a client, because key renegotiation does not include any data from the previous key exchange
solution: secure renegotiation, as specified in RFC 5746
The text was updated successfully, but these errors were encountered: