[
https://issues.apache.org/jira/browse/KAFKA-2609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14943401#comment-14943401
]
Ismael Juma commented on KAFKA-2609:
------------------------------------
[~rsivaram], thanks for filing this. One question I have is whether we should
be supporting renegotiation at all. It adds a lot of complexity (which
increases the probability of bugs) and I don't see the benefit given that we
control the protocol between client and server. It seems simpler to close a
connection if we want to restart the handshake process for whatever reason.
There was also a well-publicised vulnerability in the TLS protocol related to
renegotiation and the JDK has the `jdk.tls.rejectClientInitiatedRenegotiation`
as a protection against DoS attacks.
What am I missing?
> SSL renegotiation code paths need more tests
> --------------------------------------------
>
> Key: KAFKA-2609
> URL: https://issues.apache.org/jira/browse/KAFKA-2609
> Project: Kafka
> Issue Type: Test
> Affects Versions: 0.9.0.0
> Reporter: Rajini Sivaram
> Assignee: Rajini Sivaram
> Fix For: 0.9.0.0
>
>
> If renegotiation is triggered when read interest is off, at the moment it
> looks like read interest is never turned back on. More unit tests are
> required to test different renegotiation scenarios since these are much
> harder to exercise in system tests.