[ https://issues.apache.org/jira/browse/KNOX-2772?focusedWorklogId=793720&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-793720 ]
ASF GitHub Bot logged work on KNOX-2772: ---------------------------------------- Author: ASF GitHub Bot Created on: 21/Jul/22 12:54 Start Date: 21/Jul/22 12:54 Worklog Time Spent: 10m Work Description: smolnar82 commented on PR #605: URL: https://github.com/apache/knox/pull/605#issuecomment-1191449534 Thanks for the new patchset, @nanhuirong ! I've just checked [Jetty's API](https://www.eclipse.org/jetty/javadoc/jetty-9/org/eclipse/jetty/util/ssl/SslContextFactory.html#isRenegotiationAllowed()) and found that the default value is `true`: ``` [@ManagedAttribute](https://www.eclipse.org/jetty/javadoc/jetty-9/org/eclipse/jetty/util/annotation/ManagedAttribute.html)("Whether renegotiation is allowed") public boolean isRenegotiationAllowed() Returns: whether TLS renegotiation is allowed (true by default) ``` Hence the question: why do we want to change the default to `false`? Cc. @lmccay Issue Time Tracking ------------------- Worklog Id: (was: 793720) Time Spent: 40m (was: 0.5h) > add configuration for jetty renegotiation > ----------------------------------------- > > Key: KNOX-2772 > URL: https://issues.apache.org/jira/browse/KNOX-2772 > Project: Apache Knox > Issue Type: Improvement > Components: Server > Affects Versions: 1.6.0 > Reporter: nanhuirong > Priority: Critical > Attachments: KNOX-2772.patch > > Time Spent: 40m > Remaining Estimate: 0h > > the user or developer can't config the renegotiation for knox > *Action plan:* > set the value when building the SslContextFactory -- This message was sent by Atlassian Jira (v8.20.10#820010)