SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS
Anyone see an issue with disabling TLS renegotiation by default? As far as I can tell it's not explicitly required by any EAP flavour. Not mentioned in EAP-TLS RFC, which is what most methods base their TLS wrapper on. Would seem to protect against 3SHAKE. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
On Apr 14, 2016, at 9:56 PM, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
Anyone see an issue with disabling TLS renegotiation by default?
As far as I can tell it's not explicitly required by any EAP flavour. Not mentioned in EAP-TLS RFC, which is what most methods base their TLS wrapper on.
Would seem to protect against 3SHAKE.
That flag has been removed in other OpenSSL forks. They disable renegotiation by default. It's probably OK to add it in, with an appropriate ifdef. Alan DeKok.
participants (2)
-
Alan DeKok -
Arran Cudbard-Bell