lmccay commented on PR #605: URL: https://github.com/apache/knox/pull/605#issuecomment-1191651929
Disabling renegotiation is the more secure mode and I would expect that to actually be the default. Renegotiation had an attack vector a while ago whereby a middle man could renegotiate to a lower - like NONE - algorithm. While this may have been fixed, I don't know of any specific functionality that is blocked by this that requires it to be enabled by default. If this was recently changed to enabled by default in Jetty then we should preserve backward compatibility and leave it false. If it was enabled by default previously then making it true by default preserves previous behavior.