Disable TLS Renegotiation?
Sean Mullan
sean.mullan at oracle.com
Thu Apr 25 20:03:08 UTC 2024
On 4/24/24 10:57 AM, Simon Bernard wrote:
> Thx Sean,
>
> So just to be sure that I get you correctly, that means there is only a
> static way to disable that? No way to configure it differently for each
> SslSocket or SslEngine?
That is correct.
> For example, if I have a Java application with one socket for https (e.g.
> a REST API) and another socket for coaps+tcp (e.g. to handle IoT
> devices), both using SunJSSE, I can only enable or disable
> renegotiation for both or neither of them?
Correct. Or you would need to split them into separate Java processes.
--Sean
> In my case, I implement an open source library which implements the LWM2M
> protocol, so ideally I should provide a LWM2M Server without
> renegotiation by default, but
> changing `jdk.tls.rejectClientInitiatedRenegotiation` programmatically
> is not an option as this will affect all other libraries/code which could
> be used with that library.
>
> So, if there is no other option, I will not be able to provide a default
> configuration which follows "TLS / DTLS profiles for the IoT", too bad.
>
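The following is an added illustration, not code from the thread or from OpenJDK, of the process-wide nature of the knob discussed above: `jdk.tls.rejectClientInitiatedRenegotiation` is read once by the SunJSSE provider when its configuration class is initialised, so it must be set on the command line or before any JSSE class is touched, and every `SSLContext`, `SSLEngine` and `SSLSocket` created afterwards in that JVM shares the same value. The two `SSLContext` instances, the key store path and the password are assumed for the example.

```java
import javax.net.ssl.KeyManagerFactory;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLEngine;
import java.io.FileInputStream;
import java.security.KeyStore;

// Added example (not from the mailing-list thread or the JDK).
// Equivalent, and preferable for a deployment, is the command-line form:
//   java -Djdk.tls.rejectClientInitiatedRenegotiation=true -jar server.jar
public final class RenegotiationConfigDemo {

    // Assumed key-store location and password for the example.
    private static final String KEYSTORE = "server.p12";
    private static final char[] PASSWORD = "changeit".toCharArray();

    public static void main(String[] args) throws Exception {
        // Must run before the first JSSE class is initialised: SunJSSE reads this
        // property once, in a static initialiser, and later changes are ignored.
        // There is no per-SSLContext, per-SSLEngine or per-SSLSocket equivalent.
        System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");

        KeyStore ks = KeyStore.getInstance("PKCS12");
        try (FileInputStream in = new FileInputStream(KEYSTORE)) {
            ks.load(in, PASSWORD);
        }
        KeyManagerFactory kmf = KeyManagerFactory.getInstance(
                KeyManagerFactory.getDefaultAlgorithm());
        kmf.init(ks, PASSWORD);

        // Two independent contexts, e.g. one for an HTTPS REST API and one for
        // CoAP over TLS. Both inherit the same JVM-wide renegotiation policy;
        // nothing on SSLContext or SSLParameters lets them differ.
        SSLContext httpsCtx = SSLContext.getInstance("TLS");
        httpsCtx.init(kmf.getKeyManagers(), null, null);
        SSLContext coapsCtx = SSLContext.getInstance("TLS");
        coapsCtx.init(kmf.getKeyManagers(), null, null);

        SSLEngine httpsEngine = httpsCtx.createSSLEngine();
        httpsEngine.setUseClientMode(false);
        SSLEngine coapsEngine = coapsCtx.createSSLEngine();
        coapsEngine.setUseClientMode(false);

        // Setting the property again here has no effect on either engine;
        // the only way to get different policies is separate JVM processes.
        System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "false");
        System.out.println("both server engines created; renegotiation policy is JVM-wide");
    }
}
```

Note that the property only matters for TLS 1.2 and earlier, since TLS 1.3 has no renegotiation; a server that restricts `SSLParameters.setProtocols` to `TLSv1.3` for a given socket sidesteps the question for that socket, but the property itself still cannot vary per socket.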