Re: v1.1.1: “Secure Renegotiation IS NOT supported”

[Felipe Gasper]

> On Oct 28, 2021, at 03:52, Matt Caswell <matt at openssl.org> wrote:
> 
> 
> 
> On 27/10/2021 18:53, Felipe Gasper wrote:
>> 	Support for secure renegotiation is a “good thing”, right? That being the case, why would the newer OpenSSL version report no support for it while the older one supports it?
> 
> Probably TLSv1.3 is being negotiated with the newer version. In TLSv1.3 secure renegotiation is not supported because it is irrelevant. TLSv1.3 doesn't do renegotiation at all.

Ahh, thank you. That makes sense.

Would a patch that updates s_client’s verbiage be accepted? It seems like, when TLS 1.3 is in play, the note about secure renegotiation should either be omitted or altered to mention that renegotiation support is a non-issue for this TLS version.

It also seems like the SECURE RENEGOTIATION section of OpenSSL’s docs could use a bit of update to mention that it’s only relevant for 1.2 and prior?

Related: apparently some security-scanning tools flag any client renegotiation support as a potential vulnerability. Apparently about 10 years back it came out that renegotiations were more expensive on the server than on the client, as a result of which it was possible for a client to run a denial-of-service attack by issuing renegotiation requests over and over. Is this still an issue, or is it something that newer OpenSSLs effectively mitigate?

Thank you again!

Cheers,
-Felipe Gasper