Re: How to disable renegation before compiling openssl

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:
> Hello,
> 
> I was wondering what I'd have to change in the openssl code/config before
> compiling to have renegation disabled by default, so it won't send the
> Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.

This description does not really make it clear whether you just want to prevent
renegotiation or specifically need this SCSV value to not be included in the
ClientHello -- the semantics of TLS_EMPTY_RENEGOTIATION_INFO_SCSV is "if
renegotiation occurs, the client supports the 'secure' variant", but is
otherwise orthogonal to whether renegotiation itself actually occurs.

-Ben



[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Index of Archives]     [Linux ARM Kernel]     [Linux ARM]     [Linux Omap]     [Fedora ARM]     [IETF Annouce]     [Security]     [Bugtraq]     [Linux]     [Linux OMAP]     [Linux MIPS]     [ECOS]     [Asterisk Internet PBX]     [Linux API]

  Powered by Linux