> On Oct 28, 2021, at 03:52, Matt Caswell <m...@openssl.org> wrote:
>
> On 27/10/2021 18:53, Felipe Gasper wrote:
>> Support for secure renegotiation is a “good thing”, right? That being
>> the case, why would the newer OpenSSL version report no support for it while
>> the older one supports it?
>
> Probably TLSv1.3 is being negotiated with the newer version. In TLSv1.3
> secure renegotiation is not supported because it is irrelevant. TLSv1.3
> doesn't do renegotiation at all.

Ahh, thank you. That makes sense.

Would a patch that updates s_client’s verbiage be accepted? It seems like, when
TLS 1.3 is in play, the note about secure renegotiation should either be
omitted or altered to mention that renegotiation support is a non-issue for
this TLS version.

It also seems like the SECURE RENEGOTIATION section of OpenSSL’s docs could use
a bit of an update to mention that it’s only relevant for 1.2 and prior?

Related: apparently some security-scanning tools flag any client renegotiation
support as a potential vulnerability. Apparently about 10 years back it came
out that renegotiations were more expensive on the server than on the client,
as a result of which it was possible for a client to run a denial-of-service
attack by issuing renegotiation requests over and over. Is this still an issue,
or is it something that newer OpenSSLs effectively mitigate?

Thank you again!

Cheers,
-Felipe Gasper
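The interpretation the thread arrives at (the "Secure Renegotiation IS NOT supported" line only matters when the negotiated protocol is TLS 1.2 or earlier, because TLS 1.3 has no renegotiation at all) is easy to get wrong when reading `s_client` output by hand or in a scanner. The following is an added example, not code from OpenSSL or from either poster: a small parser that reads `openssl s_client` output, pairs the renegotiation line with the `Protocol :` line, and reports "not applicable" for TLS 1.3 instead of flagging it. The sample outputs are constructed to match the line shapes `s_client` prints; the exact spacing and surrounding lines in real output may differ, which is why the regexes are whitespace-tolerant.

```python
"""Assess the secure-renegotiation status reported by `openssl s_client`
in light of the negotiated TLS version.

Added example (not OpenSSL's own code).  Usage with live output:
    openssl s_client -connect host:443 </dev/null 2>/dev/null | python3 this.py
"""
import re
import sys
from typing import Dict, Optional

# Constructed excerpts of s_client output (assumption: real output has
# more lines around these; only the two matched lines matter here).
SAMPLE_TLS13 = """\
---
New, TLSv1.3, Cipher is TLS_AES_256_GCM_SHA384
Secure Renegotiation IS NOT supported
Compression: NONE
SSL-Session:
    Protocol  : TLSv1.3
    Cipher    : TLS_AES_256_GCM_SHA384
"""

SAMPLE_TLS12_SECURE = """\
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
"""

SAMPLE_TLS12_INSECURE = """\
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS NOT supported
SSL-Session:
    Protocol  : TLSv1.2
    Cipher    : ECDHE-RSA-AES256-GCM-SHA384
"""

# "Secure Renegotiation IS supported" / "Secure Renegotiation IS NOT supported"
RENEG_RE = re.compile(r"Secure Renegotiation IS\s+(NOT\s+)?supported", re.I)
# "    Protocol  : TLSv1.3" inside the SSL-Session block
PROTO_RE = re.compile(r"^\s*Protocol\s*:\s*(\S+)", re.M)


def parse_s_client(output: str) -> Dict[str, Optional[object]]:
    """Extract the negotiated protocol and the secure-renegotiation flag.

    Returns {"protocol": "TLSv1.3" | ..., "secure_reneg": True | False | None}.
    None means the line was not present in the output at all.
    """
    proto = PROTO_RE.search(output)
    reneg = RENEG_RE.search(output)
    secure: Optional[bool] = None
    if reneg is not None:
        # group(1) is the optional "NOT "; absent means "IS supported"
        secure = reneg.group(1) is None
    return {
        "protocol": proto.group(1) if proto else None,
        "secure_reneg": secure,
    }


def assess(output: str) -> str:
    """Classify the renegotiation status the way the thread suggests.

    - TLSv1.3: renegotiation does not exist, so the flag is not applicable.
    - TLSv1.2 and earlier: "IS supported" means RFC 5746 secure renegotiation
      is in use (ok); "IS NOT supported" is the finding a scanner should report.
    - Anything else: the output did not contain enough to decide.
    """
    info = parse_s_client(output)
    if info["protocol"] == "TLSv1.3":
        return "not_applicable"
    if info["secure_reneg"] is True:
        return "ok"
    if info["secure_reneg"] is False:
        return "insecure_renegotiation"
    return "unknown"


if __name__ == "__main__":
    # Read s_client output from stdin and print the one-word assessment.
    text = sys.stdin.read()
    print(assess(text), parse_s_client(text))
```

The `not_applicable` result is the case Felipe raises: a TLS 1.3 session prints the same "IS NOT supported" line that would be a real finding on a TLS 1.2 session, so any tool that keys on that line alone without checking the protocol will produce a false positive.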