aericpp commented on issue #968: https开启双向认证后,SSL Renegotiation功能失效 URL: https://github.com/apache/incubator-brpc/issues/968#issuecomment-554261584 > 由于之前一些SSL版本过低,renegotiation会引发安全问题,所以代码这里把这个关了 > https://github.com/apache/incubator-brpc/blob/6efb0cff5f30f32437c660cef01c93549cf62679/src/brpc/details/ssl_helper.cpp#L140 > > 你看下你的log中,是否有上面日志里的这句话 > Close xxx due to insecure renegotiation detected (CVE-2009-3555) 有两种情况: 1. 使用openssl s_client工具测试的时候 不用reconenct参数,第一次请求以后输入R请求第二次,这种时候确实是会报cve这个错误。 2. 直接使用reconnect参数是不会报这个错误,只有我上面列举的session id context uninitialized。
---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected] With regards, Apache Git Services --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
