  1. Kudu
  2. KUDU-1926

Disable SSL session renegotiation

    Details

    • Type: Improvement
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: 1.3.0
    • Fix Version/s: None
    • Component/s: rpc, security
    • Labels:
      None

      Description

      SSL renegotiation has had a couple of CVEs in the past. We should figure out if it's easy to disable it and do so, since we don't expect to use it in KRPC.

      (It may already be the case that it's disabled by virtue of us not handling SSL_WANT_READ return from ssl_write, and SSL_WANT_WRITE from ssl_read.)

            People

            • Assignee:
              Unassigned
              Reporter:
              tlipcon Todd Lipcon

              Dates

              • Created:
                Updated:
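
One way to check for and disable renegotiation through OpenSSL's SSL_OP_NO_RENEGOTIATION option, shown here with Python's `ssl` binding to OpenSSL. This is an added example, not Kudu or KRPC code and not part of the original issue; the helper names (`renegotiation_status`, `disable_renegotiation`, `make_server_context`) are hypothetical.

```python
import ssl

# Python exposes OpenSSL's SSL_OP_NO_RENEGOTIATION as ssl.OP_NO_RENEGOTIATION.
# The constant is missing when the linked OpenSSL is older than 1.1.0h.
NO_RENEG = getattr(ssl, "OP_NO_RENEGOTIATION", None)


def renegotiation_status(ctx):
    """Return 'absent', 'disabled' or 'allowed' for an SSLContext.

    'absent'   - the protocol floor is TLS 1.3, which has no renegotiation.
    'disabled' - TLS 1.2 or earlier is possible but the option is set.
    'allowed'  - TLS 1.2 or earlier is possible and nothing blocks it.
    """
    if ctx.minimum_version == ssl.TLSVersion.TLSv1_3:
        return "absent"
    if NO_RENEG is not None and ctx.options & NO_RENEG:
        return "disabled"
    return "allowed"


def disable_renegotiation(ctx):
    """Turn renegotiation off; fail loudly if the linked OpenSSL cannot."""
    if renegotiation_status(ctx) == "allowed":
        if NO_RENEG is None:
            raise RuntimeError(
                "linked OpenSSL (%s) has no SSL_OP_NO_RENEGOTIATION"
                % ssl.OPENSSL_VERSION)
        ctx.options |= NO_RENEG
    return renegotiation_status(ctx)


def make_server_context():
    """Constructed sample context; a real server also loads a cert chain."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2  # assumed floor for the demo
    return ctx


if __name__ == "__main__":
    ctx = make_server_context()
    print("OpenSSL:", ssl.OPENSSL_VERSION)
    print("before: ", renegotiation_status(ctx))
    print("after:  ", disable_renegotiation(ctx))
```

The status check only looks at the context's minimum protocol version and option bits, so it reports configuration, not the behaviour of a live connection.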