How to disable renegotiation before compiling openssl

Mark Windshield markwhozer at gmail.com
Tue Apr 21 23:26:53 UTC 2020


Thanks for your reply, Ben!

Sorry for being unclear, the goal would be to just not send the SCSV value
in the ClientHello.

-Mark

On Tue, Apr 21, 2020 at 22:06, Benjamin Kaduk <bkaduk at akamai.com> wrote:

> On Tue, Apr 21, 2020 at 09:57:02PM +0200, Mark Windshield wrote:
> > Hello,
> >
> > I was wondering what I'd have to change in the openssl code/config before
> > compiling to have renegotiation disabled by default, so it won't send the
> > Cipher Suite: TLS_EMPTY_RENEGOTIATION_INFO_SCSV (0x00ff) when using curl.
>
> This description does not really make it clear whether you just want to
> prevent renegotiation or specifically need this SCSV value to not be
> included in the ClientHello -- the semantics of
> TLS_EMPTY_RENEGOTIATION_INFO_SCSV is "if renegotiation occurs, the client
> supports the 'secure' variant", but is otherwise orthogonal to whether
> renegotiation itself actually occurs.
>
> -Ben
>
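
To check what a given client build actually puts on the wire, a captured ClientHello can be inspected for the SCSV discussed in this thread. This is an added example, not code from the thread or from OpenSSL; it also reports the renegotiation_info extension (0xff01), the other RFC 5746 signal, and assumes an unfragmented ClientHello in a single TLS record. The function names and the sample record built by `build_client_hello` are constructed for illustration.

```python
SCSV = 0x00FF                # TLS_EMPTY_RENEGOTIATION_INFO_SCSV
EXT_RENEG_INFO = 0xFF01      # renegotiation_info extension (RFC 5746)

def take(buf, pos, n):
    """Return n bytes at pos and the new offset; reject short input."""
    if pos + n > len(buf):
        raise ValueError("truncated ClientHello")
    return buf[pos:pos + n], pos + n

def vec(buf, pos, len_bytes):
    """Read a TLS vector: a len_bytes-wide length, then that many bytes."""
    raw, pos = take(buf, pos, len_bytes)
    return take(buf, pos, int.from_bytes(raw, "big"))

def renegotiation_signals(record):
    """Report which RFC 5746 signals a ClientHello record carries."""
    if len(record) < 9 or record[0] != 0x16 or record[5] != 0x01:
        raise ValueError("not a handshake record carrying a ClientHello")
    body, _ = vec(record, 3, 2)            # record payload
    hello, _ = vec(body, 1, 3)             # handshake body after type byte
    _, pos = take(hello, 0, 2 + 32)        # client_version + random
    _, pos = vec(hello, pos, 1)            # session_id
    suites_raw, pos = vec(hello, pos, 2)   # cipher_suites
    _, pos = vec(hello, pos, 1)            # compression_methods
    suites = {int.from_bytes(suites_raw[i:i + 2], "big")
              for i in range(0, len(suites_raw) - 1, 2)}
    ext_types = set()
    if pos < len(hello):                   # extensions block is optional
        exts, _ = vec(hello, pos, 2)
        epos = 0
        while epos < len(exts):
            etype, epos = take(exts, epos, 2)
            _, epos = vec(exts, epos, 2)   # skip extension_data
            ext_types.add(int.from_bytes(etype, "big"))
    return {"scsv": SCSV in suites,
            "renegotiation_info": EXT_RENEG_INFO in ext_types}

def build_client_hello(suites, exts=()):
    """Constructed sample input: a minimal TLS 1.2 ClientHello record."""
    cs = b"".join(s.to_bytes(2, "big") for s in suites)
    ex = b"".join(t.to_bytes(2, "big") + len(d).to_bytes(2, "big") + d
                  for t, d in exts)
    hello = (b"\x03\x03" + bytes(32) + b"\x00"
             + len(cs).to_bytes(2, "big") + cs + b"\x01\x00")
    if ex:
        hello += len(ex).to_bytes(2, "big") + ex
    hs = b"\x01" + len(hello).to_bytes(3, "big") + hello
    return b"\x16\x03\x01" + len(hs).to_bytes(2, "big") + hs
```
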