Closed Bug 698231 Opened 8 years ago Closed 4 years ago

Renegotiation fails for SPDY connections when the server sends a certificate in the renegotiation handshake than the one it sent in the initial handshake

Categories

(Core :: Security: PSM, defect)

defect
Not set

Tracking

()

RESOLVED WONTFIX
mozilla11

People

(Reporter: briansmith, Unassigned)

References

Details

(Keywords: regression, Whiteboard: [mozilla-SPDY])

+++ This bug was initially created as a clone of Bug #698230 +++
+++ This bug was initially created as a clone of Bug #698229 +++

This would be a regression for any site that uses client certificates and which enables NPN+SPDY. I doubt many (if any) real servers do this.
It seems like at one point the HTTP/2 spec disallowed renegotiation and client certificates on the same connection based on my raising this as a concern in Zurich. I vaguely recollect that that decision was overturned near the end of the HTTP/2 process. I don't know what was done to make this a non-issue though.
HTTP/2 disallows renegotiation, with an exception that allows client certificate confidentiality, but that has to happen before the preface.

As for this bug, I think that I would be quite happy to have this marked WONTFIX.  SPDY doesn't really deserve much more effort, and I can live with a failure if a server changes its certificate between handshake and HTTP/2 preface.
WONTFIX as per comment 2.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.