Juniper SSL VPN login fails

Nikos Mavrogiannopoulos nmav at
Tue Apr 14 05:48:08 PDT 2015

On Tue, 2015-04-14 at 13:29 +0100, David Woodhouse wrote:
> On Tue, 2015-04-14 at 15:07 +0300, Nikos Mavrogiannopoulos wrote:
> > Indeed. Re-authentication cannot happen transparently in an application,
> > i.e., suddenly the server or client change identity and no-one is
> > notified. The fact that gnutls insists on explicit re-authentication by
> > the application, protected applications from attacks like the triple
> > handshake attack and the other re-handshake-based attacks on TLS.
> ... which is why I need to think hard about the fact that my patch
> automatically just *does* the renegotiation whenever it's asked to.
> And check it'll do the right thing if the server identity changes, etc.

The safest approach is to check gnutls_safe_renegotiation_status() and
only allow renegotiation if it is in use. That way you can be assured
that you will be talking to the same server as the first negotiation
(i.e., the server didn't forward the connection somewhere else). If that
is not available (e.g., if the juniper servers are too old to support
safe renegotiation) you may have to resort into checking that the
certificate presented remained the same.

> And might also want to limit the circumstances in which it tolerates
> renegotiation at all — only when talking to a Network Connect server,
> and only at certain points in the connection.

That's what I do in ocserv as well, mostly to prevent DoS attacks by
clients who ask for renegotiation too many times.


More information about the openconnect-devel mailing list