Change default value for SslContextFactory.renegotiationAllowed to false #12378

Closed
sbordet opened this issue Oct 11, 2024 · 0 comments · Fixed by #12379
Labels: Bug (For general bugs on Jetty side), Sponsored (This issue affects a user with a commercial support agreement)


sbordet commented Oct 11, 2024

Jetty version(s)
12.0.x

Description
TLS renegotiation is the feature that allows (typically clients) to issue a TLS handshake in the middle of an already established secure communication.

This feature has proven to be vulnerable, and RFC 5746 fixes this vulnerability for TLS versions <= 1.2.

In TLS 1.3, the renegotiation feature has been removed.

We should change the default to false.

@sbordet sbordet added the Bug For general bugs on Jetty side label Oct 11, 2024
@sbordet sbordet self-assigned this Oct 11, 2024
@sbordet sbordet moved this to 🏗 In progress in Jetty 12.0.15 FROZEN Oct 11, 2024
sbordet added a commit that referenced this issue Oct 11, 2024
…onAllowed to false.

Signed-off-by: Simone Bordet <simone.bordet@gmail.com>
@sbordet sbordet added the Sponsored This issue affects a user with a commercial support agreement label Oct 11, 2024
@github-project-automation github-project-automation bot moved this from 🏗 In progress to ✅ Done in Jetty 12.0.15 FROZEN Oct 28, 2024
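
On Jetty versions where the default is still `true`, the setting can be pinned explicitly in an embedded server. The following is an added example, not code from the Jetty project or from the issue author; the keystore path, the `KEYSTORE_PASSWORD` environment variable and port 8443 are assumptions.

```java
import org.eclipse.jetty.server.HttpConfiguration;
import org.eclipse.jetty.server.HttpConnectionFactory;
import org.eclipse.jetty.server.SecureRequestCustomizer;
import org.eclipse.jetty.server.Server;
import org.eclipse.jetty.server.ServerConnector;
import org.eclipse.jetty.server.SslConnectionFactory;
import org.eclipse.jetty.util.ssl.SslContextFactory;

public class NoRenegotiationServer
{
    // Builds the server-side TLS configuration with renegotiation disabled.
    static SslContextFactory.Server newSslContextFactory(String keyStorePath, String keyStorePassword)
    {
        SslContextFactory.Server ssl = new SslContextFactory.Server();
        ssl.setKeyStorePath(keyStorePath);
        ssl.setKeyStorePassword(keyStorePassword);

        // Set explicitly so the behaviour does not depend on which
        // default the deployed Jetty version ships with.
        ssl.setRenegotiationAllowed(false);
        return ssl;
    }

    public static void main(String[] args) throws Exception
    {
        // Assumed placeholder values: adjust to the real keystore.
        SslContextFactory.Server ssl = newSslContextFactory(
            "/path/to/keystore.p12",
            System.getenv("KEYSTORE_PASSWORD"));

        // Adds TLS session details to each request handled over this connector.
        HttpConfiguration httpsConfig = new HttpConfiguration();
        httpsConfig.addCustomizer(new SecureRequestCustomizer());

        Server server = new Server();
        ServerConnector connector = new ServerConnector(server,
            new SslConnectionFactory(ssl, "http/1.1"),
            new HttpConnectionFactory(httpsConfig));
        connector.setPort(8443); // assumed port
        server.addConnector(connector);

        System.out.println("renegotiationAllowed=" + ssl.isRenegotiationAllowed());
        server.start();
        server.join();
    }
}
```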