[
https://issues.apache.org/jira/browse/KAFKA-2609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14972794#comment-14972794
]
Ismael Juma commented on KAFKA-2609:
------------------------------------
[~rsivaram], one thing to keep in mind is that it looks like renegotiation has
been removed in the TLS 1.3 draft spec:
{quote}
1.2. Major Differences from TLS 1.2
draft-10
Remove ClientCertificateTypes field from CertificateRequest and add extensions.
Merge client and server key shares into a single extension.
draft-09
Change to RSA-PSS signatures for handshake messages.
Remove support for DSA.
Update key schedule per suggestions by Hugo, Hoeteck, and Bjoern Tackmann.
Add support for per-record padding.
Switch to encrypted record ContentType.
Change HKDF labeling to include protocol version and value lengths.
Shift the final decision to abort a handshake due to incompatible certificates
to the client rather than having servers abort early.
Deprecate SHA-1 with signatures.
Add MTI algorithms.
draft-08
Remove support for weak and lesser used named curves.
Remove support for MD5 and SHA-224 hashes with signatures.
Update lists of available AEAD cipher suites and error alerts.
Reduce maximum permitted record expansion for AEAD from 2048 to 256 octets.
Require digital signatures even when a previous configuration is used.
Merge EarlyDataIndication and KnownConfiguration.
Change code point for server_configuration to avoid collision with
server_hello_done.
Relax certificate_list ordering requirement to match current practice.
draft-07
Integration of semi-ephemeral DH proposal.
Add initial 0-RTT support.
Remove resumption and replace with PSK + tickets.
Move ClientKeyShare into an extension.
Move to HKDF.
draft-06
Prohibit RC4 negotiation for backwards compatibility.
Freeze & deprecate record layer version field.
Update format of signatures with context.
Remove explicit IV.
draft-05
Prohibit SSL negotiation for backwards compatibility.
Fix which MS is used for exporters.
draft-04
Modify key computations to include session hash.
Remove ChangeCipherSpec.
Renumber the new handshake messages to be somewhat more consistent with
existing convention and to remove a duplicate registration.
Remove renegotiation.
Remove point format negotiation.
draft-03
Remove GMT time.
Merge in support for ECC from RFC 4492 but without explicit curves.
Remove the unnecessary length field from the AD input to AEAD ciphers.
Rename {Client,Server}KeyExchange to {Client,Server}KeyShare.
Add an explicit HelloRetryRequest to reject the client’s.
draft-02
Increment version number.
Rework handshake to provide 1-RTT mode.
Remove custom DHE groups.
Remove support for compression.
Remove support for static RSA and DH key exchange.
Remove support for non-AEAD ciphers.
{quote}
https://tlswg.github.io/tls13-spec/
> SSL renegotiation code paths need more tests
> --------------------------------------------
>
> Key: KAFKA-2609
> URL: https://issues.apache.org/jira/browse/KAFKA-2609
> Project: Kafka
> Issue Type: Test
> Affects Versions: 0.9.0.0
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Fix For: 0.10.0.0
>
>
> If renegotiation is triggered when read interest is off, at the moment it
> looks like read interest is never turned back on. More unit tests are
> required to test different renegotiation scenarios since these are much
> harder to exercise in system tests.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
