Disable TLS renegotiation when possible

XMLWordPrintableJSON

    • Type: Improvement
    • Resolution: Done
    • Priority: Major - P3
    • None
    • Component/s: None

      TLS renegotiation is complicated, has been removed from TLS 1.3, and is not supported on the OS X and Windows native cryptography implementations. For consistency going forward, we should disable it on OpenSSL, if we are able to.

      Some versions of OpenSSL define SSL_OP_NO_RENEGOTIATION, which disables renegotiation on TLS 1.2 and before. Drivers using OpenSSL should set the SSL_OP_NO_RENEGOTIATION flag on the SSL Context when defined.

            Assignee:
            Unassigned
            Reporter:
            Bernie Hackett
            Votes:
            0 Vote for this issue
            Watchers:
            2 Start watching this issue

              Created:
              Updated:
              Resolved: