How to disable renegotiation before compiling openssl

Benjamin Kaduk bkaduk at akamai.com
Tue Apr 21 20:06:39 UTC 2020


On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:
> Hello,
> 
> I was wondering what I'd have to change in the openssl code/config before
> compiling to have renegotiation disabled by default, so it won't send the
> Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.

This description does not really make it clear whether you just want to prevent
renegotiation or specifically need this SCSV value to not be included in the
ClientHello -- the semantics of TLS_EMPTY_RENEGOTIATION_INFO_SCSV is "if
renegotiation occurs, the client supports the 'secure' variant", but is
otherwise orthogonal to whether renegotiation itself actually occurs.

-Ben
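
Added example, not part of the original message and not OpenSSL code: a small Python check that parses a ClientHello handshake message and reports whether it carries the SCSV (0x00ff) or the RFC 5746 renegotiation_info extension (0xff01), the two ways a client can signal support for secure renegotiation. The function names and the sample ClientHello bytes are constructed for illustration.

```python
SCSV = 0x00FF            # TLS_EMPTY_RENEGOTIATION_INFO_SCSV (RFC 5746)
EXT_RENEG_INFO = 0xFF01  # renegotiation_info extension type (RFC 5746)

def reneg_signals(hello: bytes) -> dict:
    """Report which secure-renegotiation signals a ClientHello handshake
    message (without the TLS record header) carries."""
    if len(hello) < 4 or hello[0] != 0x01:
        raise ValueError("not a ClientHello")
    body = hello[4:4 + int.from_bytes(hello[1:4], "big")]
    pos = 0

    def take(n):
        nonlocal pos
        if pos + n > len(body):
            raise ValueError("truncated ClientHello")
        pos += n
        return body[pos - n:pos]

    def vec(len_bytes):  # length-prefixed vector
        return take(int.from_bytes(take(len_bytes), "big"))

    take(2 + 32)         # client_version, random
    vec(1)               # session_id
    raw = vec(2)         # cipher_suites, two bytes each
    suites = {int.from_bytes(raw[i:i + 2], "big") for i in range(0, len(raw) - 1, 2)}
    vec(1)               # compression_methods
    ext_types = set()
    if pos < len(body):  # the extensions block is optional
        exts, i = vec(2), 0
        while i + 4 <= len(exts):
            ext_types.add(int.from_bytes(exts[i:i + 2], "big"))
            i += 4 + int.from_bytes(exts[i + 2:i + 4], "big")
    return {"scsv": SCSV in suites, "renegotiation_info": EXT_RENEG_INFO in ext_types}

def sample_hello(suites, exts=()):
    """Constructed sample ClientHello (not a capture): TLS 1.2, all-zero random."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    ex = b"".join(t.to_bytes(2, "big") + len(d).to_bytes(2, "big") + d for t, d in exts)
    body = (b"\x03\x03" + bytes(32) + b"\x00" + len(cs).to_bytes(2, "big") + cs
            + b"\x01\x00" + len(ex).to_bytes(2, "big") + ex)
    return b"\x01" + len(body).to_bytes(3, "big") + body

if __name__ == "__main__":
    # 0xC02F = TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
    print("SCSV only:     ", reneg_signals(sample_hello([0xC02F, SCSV])))
    print("extension only:", reneg_signals(sample_hello([0xC02F], [(EXT_RENEG_INFO, b"\x00")])))
    print("neither:       ", reneg_signals(sample_hello([0xC02F])))
```

Either signal only states that the client supports the secure variant; neither one shows whether a renegotiation will take place on the connection.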

