TLS renegotiation

History

[1] RFC 5746 - Transport Layer Security (TLS) Renegotiation Indication Extension <https://tools.ietf.org/html/rfc5746>

[2] RFC 7525 - Recommendations for Secure Use of Transport Layer Security (TLS) and Datagram Transport Layer Security (DTLS) <https://tools.ietf.org/html/rfc7525#section-3.5>

[3] TLS_RENEG_PERMITTED

[4] httpd/ssl_engine_kernel.c at trunk · apache/httpd <https://github.com/apache/httpd/blob/trunk/modules/ssl/ssl_engine_kernel.c>

[5] Security:Renegotiation - MozillaWiki <https://wiki.mozilla.org/Security:Renegotiation>

[6] 535649 – Implement UI around CVE-2009-3555 and RFC 5746 (SSL renegotiation) <https://bugzilla.mozilla.org/show_bug.cgi?id=535649>

[7] Issue 38082 - chromium - Implement RFC 5746: TLS Renegotiation Indication Extension - An open-source project to help move the web forward. - Google Project Hosting <https://code.google.com/p/chromium/issues/detail?id=38082>

[8] OpenSSL Examples <http://web.archive.org/web/20150314225415/http://www.rtfm.com/openssl-examples/>

[9] Re: SSL and TLS questions <http://archives.seul.org/mixminion/dev/Jul-2002/msg00013.html>

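Implementations

[10] In Chrome, Firefox, and IE alike, over HTTPS renegotiation can take place at any point, regardless of the state of the HTTP exchange.

[11] For client authentication, however, see the entry on that topic.

[15] Both Chrome and curl appear to treat a renegotiation immediately after the TLS handshake as an error: they close the connection and return an empty-response network error.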

[12] Issue 31647 - chromium - Use the renegotiation info extension when NSS 3.12.6 comes out - Monorail <https://bugs.chromium.org/p/chromium/issues/detail?id=31647>

[13] Issue 38082 - chromium - Implement RFC 5746: TLS Renegotiation Indication Extension - Monorail <https://bugs.chromium.org/p/chromium/issues/detail?id=38082>

[14] 545755 – Update Mozilla stable branches to NSS 3.12.6 and minimal support for RFC 5746 <https://bugzilla.mozilla.org/show_bug.cgi?id=545755>

[16] OpenSSL (by OpenSSL Foundation, Inc.) <https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html>