[
https://issues.apache.org/jira/browse/KUDU-1926?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alexey Serbin updated KUDU-1926:
--------------------------------
Status: In Review (was: In Progress)
> Disable SSL session renegotiation
> ---------------------------------
>
> Key: KUDU-1926
> URL: https://issues.apache.org/jira/browse/KUDU-1926
> Project: Kudu
> Issue Type: Improvement
> Components: rpc, security
> Affects Versions: 1.3.0
> Reporter: Todd Lipcon
> Assignee: Alexey Serbin
> Priority: Minor
>
> SSL renegotiation has had a couple of CVEs in the past. We should figure out
> if it's easy to disable it and do so, since we don't expect to use it in KRPC.
> (it may already be the case that it's disabled by virtue of us not handling
> SSL_WANT_READ return from ssl_write, and SSL_WANT_WRITE from ssl_read).
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
