Message312881
The OP_NO_RENEGOTIATION option prevents renegotiation in TLS 1.2 and lower. Renegotiation is a problematic TLS feature that has led to security issues like CVE-2009-3555. TLS 1.3 has removed renegotiation completely in favor of much more reliable and simpler rekeying.
PR5904 just adds the constant to the list of options and documents it. I didn't add it earlier because it wasn't available in the OpenSSL 1.1.0 branch until now. The next upcoming release of 1.1.0 will have it. |
|
Date |
User |
Action |
Args |
2018-02-26 08:17:59 | christian.heimes | set | recipients:
+ christian.heimes, ned.deily, njs, chuq |
2018-02-26 08:17:59 | christian.heimes | set | messageid: <1519633079.16.0.467229070634.issue32257@psf.upfronthosting.co.za> |
2018-02-26 08:17:59 | christian.heimes | link | issue32257 messages |
2018-02-26 08:17:58 | christian.heimes | create | |
|