You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@kudu.apache.org by "Alexey Serbin (Jira)" <ji...@apache.org> on 2021/03/18 23:26:00 UTC

[jira] [Assigned] (KUDU-1926) Disable SSL session renegotiation

     [ https://issues.apache.org/jira/browse/KUDU-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Alexey Serbin reassigned KUDU-1926:
-----------------------------------

    Assignee: Alexey Serbin

> Disable SSL session renegotiation
> ---------------------------------
>
>                 Key: KUDU-1926
>                 URL: https://issues.apache.org/jira/browse/KUDU-1926
>             Project: Kudu
>          Issue Type: Improvement
>          Components: rpc, security
>    Affects Versions: 1.3.0
>            Reporter: Todd Lipcon
>            Assignee: Alexey Serbin
>            Priority: Minor
>
> SSL renegotiation has had a couple of CVEs in the past. We should figure out if it's easy to disable it and do so, since we don't expect to use it in KRPC.
> (it may already be the case that it's disabled by virtue of us not handling SSL_WANT_READ return from ssl_write, and SSL_WANT_WRITE from ssl_read).



--
This message was sent by Atlassian Jira
(v8.3.4#803005)