[
https://issues.apache.org/jira/browse/KNOX-2772?focusedWorklogId=793720&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-793720
]
ASF GitHub Bot logged work on KNOX-2772:
----------------------------------------
Author: ASF GitHub Bot
Created on: 21/Jul/22 12:54
Start Date: 21/Jul/22 12:54
Worklog Time Spent: 10m
Work Description: smolnar82 commented on PR #605:
URL: https://github.com/apache/knox/pull/605#issuecomment-1191449534
Thanks for the new patchset, @nanhuirong !
I've just checked [Jetty's
API](https://www.eclipse.org/jetty/javadoc/jetty-9/org/eclipse/jetty/util/ssl/SslContextFactory.html#isRenegotiationAllowed())
and found that the default value is `true`:
```
[@ManagedAttribute](https://www.eclipse.org/jetty/javadoc/jetty-9/org/eclipse/jetty/util/annotation/ManagedAttribute.html)("Whether
renegotiation is allowed") public boolean isRenegotiationAllowed()
Returns:
whether TLS renegotiation is allowed (true by default)
```
Hence the question: why do we want to change the default to `false`?
Cc. @lmccay
Issue Time Tracking
-------------------
Worklog Id: (was: 793720)
Time Spent: 40m (was: 0.5h)
> add configuration for jetty renegotiation
> -----------------------------------------
>
> Key: KNOX-2772
> URL: https://issues.apache.org/jira/browse/KNOX-2772
> Project: Apache Knox
> Issue Type: Improvement
> Components: Server
> Affects Versions: 1.6.0
> Reporter: nanhuirong
> Priority: Critical
> Attachments: KNOX-2772.patch
>
> Time Spent: 40m
> Remaining Estimate: 0h
>
> the user or developer can't config the renegotiation for knox
> *Action plan:*
> set the value when building the SslContextFactory
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
