[ https://issues.apache.org/jira/browse/KAFKA-2609?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14943401#comment-14943401 ]
Ismael Juma commented on KAFKA-2609:
------------------------------------

[~rsivaram], thanks for filing this. One question I have is whether we should be supporting renegotiation at all. It adds a lot of complexity (which increases the probability of bugs) and I don't see the benefit given that we control the protocol between client and server. It seems simpler to close a connection if we want to restart the handshake process for whatever reason. There was also a well publicised vulnerability in the TLS protocol related to renegotiation and the JDK has the `jdk.tls.rejectClientInitiatedRenegotiation` as a protection against DOS attacks. What am I missing?

> SSL renegotiation code paths need more tests
> --------------------------------------------
>
>                 Key: KAFKA-2609
>                 URL: https://issues.apache.org/jira/browse/KAFKA-2609
>             Project: Kafka
>          Issue Type: Test
>    Affects Versions: 0.9.0.0
>            Reporter: Rajini Sivaram
>            Assignee: Rajini Sivaram
>             Fix For: 0.9.0.0
>
>
> If renegotiation is triggered when read interest is off, at the moment it
> looks like read interest is never turned back on. More unit tests are
> required to test different renegotiation scenarios since these are much
> harder to exercise in system tests.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)