Closed Bug 698231 Opened 13 years ago Closed 8 years ago

Renegotiation fails for SPDY connections when the server sends a certificate in the renegotiation handshake than the one it sent in the initial handshake

Categories

(Core :: Security: PSM, defect)

Product:
Core
Component:
Security: PSM
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED WONTFIX
Milestone:
mozilla11

People

(Reporter: briansmith, Unassigned)

References

Details

(Keywords: regression, Whiteboard: [mozilla-SPDY]) 

+++ This bug was initially created as a clone of Bug #698230 +++
+++ This bug was initially created as a clone of Bug #698229 +++

This would be a regression for any site that uses client certificates and which enables NPN+SPDY. I doubt many (if any) real servers do this.
It seems like at one point the HTTP/2 spec disallowed renegotiation and client certificates on the same connection based on my raising this as a concern in Zurich. I vaguely recollect that that decision was overturned near the end of the HTTP/2 process. I don't know what was done to make this a non-issue though.
HTTP/2 disallows renegotiation, with an exception that allows client certificate confidentiality, but that has to happen before the preface.

As for this bug, I think that I would be quite happy to have this marked WONTFIX.  SPDY doesn't really deserve much more effort, and I can live with a failure if a server changes its certificate between handshake and HTTP/2 preface.
WONTFIX as per comment 2.
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → WONTFIX
You need to log in before you can comment on or make changes to this bug.