- Type: Question
- Resolution: Fixed
- Priority: Major - P3
- Affects Version/s: None
- Component/s: Networking, Security
- Fully Compatible
- Security 2019-06-17

TLS renegotiation is complicated, has been removed from TLS 1.3, and is not supported on the OS X and Windows native cryptography implementations. For consistency going forward, we should disable it on OpenSSL, if we are able to.
Some versions of OpenSSL define SSL_OP_NO_RENEGOTIATION, which disables renegotiation in TLS 1.2 and earlier. If this macro is defined, we should apply it to our SSL_CTX objects with SSL_CTX_set_options.
- is depended on by: DRIVERS-580 Disable TLS renegotiation when possible (Closed)
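
The feature-detect-then-set pattern described in the ticket, shown here through Python's ssl module, which exposes the same OpenSSL option. This is an added example, not code from this ticket or from the MongoDB code base, and `renegotiation_status` and `make_server_context` are hypothetical helper names. It goes slightly beyond the ticket by also classifying a TLS 1.3-only context as safe, since TLS 1.3 has no renegotiation.

```python
import ssl

# Python's ssl module wraps OpenSSL: assigning to ctx.options ends up in
# SSL_CTX_set_options(), and ssl.OP_NO_RENEGOTIATION is present only when the
# linked OpenSSL defines SSL_OP_NO_RENEGOTIATION (OpenSSL 1.1.0h and later).
NO_RENEG = getattr(ssl, "OP_NO_RENEGOTIATION", None)


def disable_renegotiation(ctx: ssl.SSLContext) -> bool:
    """Apply the option when this build has it. Returns True if it is now set."""
    if NO_RENEG is None:
        return False  # older OpenSSL: nothing to apply, the caller can log this
    ctx.options |= NO_RENEG
    return bool(ctx.options & NO_RENEG)


def renegotiation_status(ctx: ssl.SSLContext) -> str:
    """Classify a context for an audit (hypothetical helper)."""
    if NO_RENEG is not None and ctx.options & NO_RENEG:
        return "disabled-by-option"
    # Renegotiation exists only in TLS 1.2 and earlier, so a context that
    # refuses anything below TLS 1.3 cannot renegotiate either.
    if ctx.minimum_version >= ssl.TLSVersion.TLSv1_3:
        return "tls13-only"
    return "possible"


def make_server_context() -> ssl.SSLContext:
    """Build a server context with the option set before any connection exists.

    Connections take their options from the context when they are created,
    so the option has to be applied first.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    disable_renegotiation(ctx)
    return ctx


if __name__ == "__main__":
    ctx = make_server_context()
    print(ssl.OPENSSL_VERSION, "->", renegotiation_status(ctx))
```

A result of `possible` from `renegotiation_status` on a production context means the linked OpenSSL predates the option and the context still accepts TLS 1.2 or earlier.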