[ https://issues.apache.org/jira/browse/FELIX-4972?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14648961#comment-14648961 ]
Adrien PAILHES commented on FELIX-4972:
---------------------------------------
According to https://wiki.eclipse.org/Jetty/Howto/Configure_SSL:
{quote}
allowRenegotiate – Default is false.
{quote}
but in the patch:
{code}
public boolean isRenegotiationAllowed() {
    return getBooleanProperty(FELIX_JETTY_RENEGOTIATION_ALLOWED, true);
}
{code}
I think, for security purposes, we need to have the same behavior (default value
of false).
> [Jetty] Make SSL renegotiation configurable
> -------------------------------------------
>
> Key: FELIX-4972
> URL: https://issues.apache.org/jira/browse/FELIX-4972
> Project: Felix
> Issue Type: Improvement
> Components: HTTP Service
> Affects Versions: http.jetty-3.0.2
> Reporter: Thomas Franconville
> Assignee: Carsten Ziegeler
> Labels: patch, security
> Fix For: http.jetty-3.1.0
>
> Attachments: FELIX-4972__Allow_SSL_Renegotiation_as_into_Jetty.patch
>
>
> More information:
> http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
> By default, felix jetty allows client renegotiation.
> Test: http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html