163c95691a
Changing parameters on renegotiation makes all our APIs confusing. This one has no reason to change, so lock it down. In particular, our preference to forbid Token Binding + renego may be overridden at the IETF, even though it's insane. Loosening it will be a bit less of a headache if EMS can't change.

https://www.ietf.org/mail-archive/web/unbearable/current/msg00690.html claims that this is already in the specification and enforced by NSS. I can't find anything to this effect in the specification. It just says the client MUST disable renegotiation when EMS is missing, which is wishful thinking. At a glance, NSS doesn't seem to check, though I could be misunderstanding the code.

Nonetheless, locking this down is a good idea anyway. Accurate or not, take the email as an implicit endorsement of this from Mozilla.

Change-Id: I236b05991d28bed199763dcf2f47bbfb9d0322d7
Reviewed-on: https://boringssl-review.googlesource.com/10721
Reviewed-by: Adam Langley <agl@google.com>
Commit-Queue: Adam Langley <agl@google.com>
CQ-Verified: CQ bot account: commit-bot@chromium.org <commit-bot@chromium.org>