ShadowySpirits commented on issue #1233: TLS Client-initiated renegotiation attack (CVE-2011-1473)
URL: https://github.com/apache/rocketmq/issues/1233#issuecomment-595042376

> @bix29 it seems that it's an OpenSSL issue, could you pull a request to resolve this problem? and it seems that only OpenSSL 1.0.2 or previous version has this problem.

IMO, this issue is caused by SslProvider being always JDK instead of the Provider selected in upper code by default

TlsHelper.java:
```
if (tlsTestModeEnable) { // default is true
    SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
    return SslContextBuilder
        .forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey())
        .sslProvider(SslProvider.JDK) // always use jdk ssl
        .clientAuth(ClientAuth.OPTIONAL)
        .build();
} else {
    ...
```
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
[email protected]

With regards,
Apache Git Services
