On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote: > Hello, > > I was wondering what I'd have to change in the openssl code/config before > compiling to have renegation disabled by default, so it won't send the > Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.
This description does not really make it clear whether you just want to prevent renegotiation or specifically need this SCSV value to not be included in the ClientHello -- the semantics of TLS_EMPTY_RENEGOTIATION_INFO_SCSV is "if renegotiation occurs, the client supports the 'secure' variant", but is otherwise orthogonal to whether renegotiation itself actually occurs. -Ben
