[jira] [Comment Edited] (KNOX-2772) add configuration for jetty renegotiation

nanhuirong (Jira) Wed, 06 Jul 2022 19:37:05 -0700


    [ 
https://issues.apache.org/jira/browse/KNOX-2772?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17563541#comment-17563541
 ]


nanhuirong edited comment on KNOX-2772 at 7/7/22 2:36 AM:
----------------------------------------------------------

Hi [~smolnar],

The feature is about the TLS Client-initiated renegotitation 
attack(CVE-2011-1473). Jetty has fixed the issue in 
[https://github.com/eclipse/jetty.project/commit/72219d016b8b82e9cc04c20940b733826d1736bc]

 

Thanks


was (Author: JIRAUSER292386):
Hi [~smolnar],

The feature is about the TLS Client-initiated renegotitation 
attack(CVE-2011-1473). Jetty has fixed the issue in 
https://github.com/eclipse/jetty.project/commit/72219d016b8b82e9cc04c20940b733826d1736bc

> add configuration for jetty renegotiation
> -----------------------------------------
>
>                 Key: KNOX-2772
>                 URL: https://issues.apache.org/jira/browse/KNOX-2772
>             Project: Apache Knox
>          Issue Type: Improvement
>          Components: Server
>    Affects Versions: 1.6.0
>            Reporter: nanhuirong
>            Priority: Critical
>         Attachments: KNOX-2772.patch
>
>
> the user or developer can't config the renegotiation for knox
> *Action plan:*
> set the value when building the SslContextFactory



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Comment Edited] (KNOX-2772) add configuration for jetty renegotiation

Reply via email to