TLS renegotiation is complicated, has been removed from TLS 1.3, and is not supported on the OS X and Windows native cryptography implementations. For consistency going forward, we should disable it on OpenSSL, if we are able to.
Some versions of OpenSSL define SSL_OP_NO_RENEGOTIATION, which disables renegotiation on TLS 1.2 and before. Drivers using OpenSSL should set the SSL_OP_NO_RENEGOTIATION flag on the SSL Context when defined.
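The "set it when defined" rule above, sketched for Python's ssl module, which exposes the OpenSSL flag as ssl.OP_NO_RENEGOTIATION only when the linked OpenSSL defines it. This is an added example, not code from any of the drivers; the names disable_renegotiation, make_client_context and the ssl_mod parameter are assumptions made for illustration.

```python
import ssl
from types import SimpleNamespace


def disable_renegotiation(ctx, ssl_mod=ssl):
    """Set OP_NO_RENEGOTIATION on ctx if this OpenSSL build defines it.

    ssl_mod is a hypothetical injection point so the "flag not defined"
    path can be exercised; real callers use the default.
    Returns True when the option is set on ctx afterwards.
    """
    flag = getattr(ssl_mod, "OP_NO_RENEGOTIATION", None)
    if flag is None:
        # Build without the flag: nothing to set, leave the context untouched.
        return False
    ctx.options |= flag
    return bool(ctx.options & flag)


def make_client_context():
    """Default client context (certificate verification on) with
    renegotiation disabled where the build allows it."""
    ctx = ssl.create_default_context()
    applied = disable_renegotiation(ctx)
    return ctx, applied


if __name__ == "__main__":
    ctx, applied = make_client_context()
    print(ssl.OPENSSL_VERSION)
    print("renegotiation disabled:", applied)
    # Constructed stub standing in for a build that lacks the constant.
    legacy = SimpleNamespace()
    fallback = disable_renegotiation(ssl.create_default_context(), legacy)
    print("build without the flag:", fallback)
```

Logging the boolean result at connection setup gives operators a way to tell which hosts are running against a build that could not disable renegotiation.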
depends on
- CDRIVER-2934 Disable TLS renegotiation when possible (Closed)
- CXX-1717 Disable TLS renegotiation when possible (Closed)
- MOTOR-299 Disable TLS renegotiation when possible (Closed)
- NODE-1841 Disable TLS renegotiation when possible (Closed)
- PHPC-1315 Disable TLS renegotiation when possible (Closed)
- PYTHON-1726 Disable TLS renegotiation when possible (Closed)
- RUBY-1685 Disable TLS renegotiation when possible (Closed)
- RUST-131 Disable TLS renegotiation when possible (Closed)
- CSHARP-2843 Disable TLS renegotiation when possible (Closed)
- GODRIVER-1403 Disable TLS renegotiation when possible (Closed)
- JAVA-3505 Disable TLS renegotiation when possible (Closed)
- SERVER-37714 Check for and set SSL_OP_NO_RENEGOTIATION (Closed)