Code review request, 7188658 Add possibility to disable client initiated renegotiation

Matthew Hall mhall at mhcomputing.net
Wed May 29 10:11:24 PDT 2013


On Wed, May 29, 2013 at 07:06:41PM +0200, Bernd Eckenfels wrote:
> PS: i still would prefer to allow applications deal with this by having a 
> syncronous handshake listener (would could then count handshake frequency 
> and close the socket).

Expecting applications to do this would not be secure by default, and would 
result in a lot of cut-and-paste code. At minimum there should be a reasonable 
default implementation which does something sane, that an app could choose to 
manually override if there was a good reason for it.

Matthew.


More information about the security-dev mailing list