Uploaded image for project: 'ZooKeeper'
  1. ZooKeeper
  2. ZOOKEEPER-3195

TLS - disable client-initiated renegotiation

    XMLWordPrintableJSON

    Details

      Description

      Client-initiated TLS renegotiation is not secure and exposes the connection to MITM attacks. Unfortunately, Java's TLS implementation allows it by default. Thankfully, it is easy to disable.

        Attachments

          Activity

            People

            • Assignee:
              ilyam Ilya Maykov
              Reporter:
              ilyam Ilya Maykov
            • Votes:
              0 Vote for this issue
              Watchers:
              4 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0h
                0h
                Logged:
                Time Spent - 3h 10m
                3h 10m