Re: How to disable renegation before compiling openssl
* Sorry for being unclear, the goal would be to just not send the SCSV value in the ClientHello. Why?
Re: How to disable renegation before compiling openssl
Thanks for your reply Ben!

Sorry for being unclear, the goal would be to just not send the SCSV value in the ClientHello.

-Mark

On Tue, 21 Apr 2020 at 22:06, Benjamin Kaduk wrote:

> On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:
> > Hello,
> >
> > I was wondering what I'd have to change in the openssl code/config before
> > compiling to have renegotiation disabled by default, so it won't send the
> > Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.
>
> This description does not really make it clear whether you just want to prevent
> renegotiation or specifically need this SCSV value to not be included in the
> ClientHello -- the semantics of TLS_EMPTY_RENEGOTIATION_INFO_SCSV is "if
> renegotiation occurs, the client supports the 'secure' variant", but is
> otherwise orthogonal to whether renegotiation itself actually occurs.
>
> -Ben
Re: How to disable renegation before compiling openssl
On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:

> Hello,
>
> I was wondering what I'd have to change in the openssl code/config before
> compiling to have renegotiation disabled by default, so it won't send the
> Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.

This description does not really make it clear whether you just want to prevent renegotiation or specifically need this SCSV value to not be included in the ClientHello -- the semantics of TLS_EMPTY_RENEGOTIATION_INFO_SCSV is "if renegotiation occurs, the client supports the 'secure' variant", but is otherwise orthogonal to whether renegotiation itself actually occurs.

-Ben
How to disable renegation before compiling openssl
Hello,

I was wondering what I'd have to change in the openssl code/config before compiling to have renegotiation disabled by default, so it won't send the Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.

Thanks!