Details
-
Improvement
-
Status: Resolved
-
Minor
-
Resolution: Fixed
-
1.3.0
-
None
Description
SSL renegotiation has had a couple of CVEs in the past. We should figure out if it's easy to disable it and do so, since we don't expect to use it in KRPC.
(it may already be the case that it's disabled by virtue of us not handling SSL_WANT_READ return from ssl_write, and SSL_WANT_WRITE from ssl_read).