[ https://issues.apache.org/jira/browse/KNOX-2772?focusedWorklogId=793813&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-793813 ]
ASF GitHub Bot logged work on KNOX-2772:
----------------------------------------
Author: ASF GitHub Bot
Created on: 21/Jul/22 15:58
Start Date: 21/Jul/22 15:58
Worklog Time Spent: 10m
Work Description: nanhuirong commented on PR #605:
URL: https://github.com/apache/knox/pull/605#issuecomment-1191664101
> Disabling renegotiation is the more secure mode and I would expect that to
> actually be the default. Renegotiation had an attack vector a while ago whereby
> a middle man could renegotiate to a lower - like NONE - algorithm. While this
> may have been fixed, I don't know of any specific functionality that is blocked
> by this that requires it to be enabled by default. If this was recently changed
> to enabled by default in jetty then we should preserve backward compatibility
> and leave it false. If it was enabled by default previously then making it true
> by default preserves previous behav
Issue Time Tracking
-------------------
Worklog Id: (was: 793813)
Time Spent: 1.5h (was: 1h 20m)
> add configuration for jetty renegotiation
> -----------------------------------------
>
> Key: KNOX-2772
> URL: https://issues.apache.org/jira/browse/KNOX-2772
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.6.0
> Reporter: nanhuirong
> Priority: Critical
> Attachments: KNOX-2772.patch
>
> Time Spent: 1.5h
> Remaining Estimate: 0h
>
> The user or developer can't configure renegotiation for Knox.
> *Action plan:*
> Set the value when building the SslContextFactory.