Message 312881 - Python tracker

Message312881

Author	christian.heimes
Recipients	christian.heimes, chuq, ned.deily, njs
Date	2018-02-26.08:17:58
SpamBayes Score	-1.0
Marked as misclassified	Yes
Message-id	<1519633079.16.0.467229070634.issue32257@psf.upfronthosting.co.za>
In-reply-to

Content
The OP_NO_RENEGOTIATION option prevents renegotiation in TLS 1.2 and lower. Renegotiation is a problematic TLS feature that has led to security issues like CVE-2009-3555. TLS 1.3 has removed renegotiation completely in favor of much more reliable and simpler rekeying. PR5904 just adds the constant to the list of options and documents it. I didn't add it earlier because it wasn't available in the OpenSSL 1.1.0 branch until now. The next upcoming release of 1.1.0 will have it.

Content

The OP_NO_RENEGOTIATION option prevents renegotiation in TLS 1.2 and lower. Renegotiation is a problematic TLS feature that has led to security issues like CVE-2009-3555. TLS 1.3 has removed renegotiation completely in favor of much more reliable and simpler rekeying.

PR5904 just adds the constant to the list of options and documents it. I didn't add it earlier because it wasn't available in the OpenSSL 1.1.0 branch until now. The next upcoming release of 1.1.0 will have it.

History
Date	User	Action	Args
2018-02-26 08:17:59	christian.heimes	set	recipients: + christian.heimes, ned.deily, njs, chuq
2018-02-26 08:17:59	christian.heimes	set	messageid: <1519633079.16.0.467229070634.issue32257@psf.upfronthosting.co.za>
2018-02-26 08:17:59	christian.heimes	link	issue32257 messages
2018-02-26 08:17:58	christian.heimes	create