On 4/24/24 10:57 AM, Simon Bernard wrote:
> Thx Sean,
> So just to be sure that I get you correctly, that means there is only a
> static way to disable that? No way to configure it differently for each
> SSLSocket or SSLEngine?

That is correct.

> For example, if I have a Java application with 1 socket for https (e.g.
> a REST API) and another socket for coaps+tcp (e.g. to handle IoT
> devices), both using SunJSSE, I can only enable or disable
> renegotiation for both or none of them?

Correct. Or you would need to split them into separate Java processes.

--Sean

> In my case, I implement an open source library which implements the LWM2M
> protocol, so ideally I should provide a LWM2M Server without
> renegotiation by default, but
> changing `jdk.tls.rejectClientInitiatedRenegotiation` programmatically
> is not an option as this will affect all other libraries/code which could
> be used with that library.
> So, if there is no other option, I will not be able to provide a default
> configuration which follows "TLS / DTLS profiles for the IoT", too bad.