New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable Secure Client-Initiated Renegotiation #1257
Milestone
Comments
Would it be reasonable to have this disabled completely rather than configurable? |
From what I've read, the movement appears to be towards disabling renegotiation completely. |
Yes, I would disable it completely but I figured it should at least be configurable. |
ralight
added a commit
that referenced
this issue
May 29, 2019
Client initiated renegotiation is considered to be a potential attack vector against servers. Closes #1257. Thanks to Daniele Sluijters.
Renegotiation disabled! Thanks for the report. |
vankxr
pushed a commit
to vankxr/mosquitto
that referenced
this issue
Aug 9, 2019
Client initiated renegotiation is considered to be a potential attack vector against servers. Closes eclipse#1257. Thanks to Daniele Sluijters.
ralight
added a commit
that referenced
this issue
Sep 18, 2019
Client initiated renegotiation is considered to be a potential attack vector against servers. Closes #1257. Thanks to Daniele Sluijters.
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
I'd like the ability to configure mosquitto to disable Secure Client-Initiated Renegotiation. It's a potential DoS vector.
The text was updated successfully, but these errors were encountered: