
TLS Client-initiated renegotiation attack (CVE-2011-1473) #1233

Closed
ghost opened this issue May 27, 2019 · 3 comments
Closed


Comments

@ghost

ghost commented May 27, 2019

4.2.0 and 4.3.0 are in use. When doing the security scan, a CVE-2011-1473 related issue is reported for port 9876 (nameserver) and 10911 (broker).

Is there any version/release with this issue solved?

@duhenglucky
Contributor

@bix29 it seems that it's an OpenSSL issue, could you open a pull request to resolve this problem? And it seems that only OpenSSL 1.0.2 or a previous version has this problem.

@Journey-x

My Server OpenSSL version is 1.1.1d and CVE-2011-1473 still has this problem.

@ShadowySpirits
Member

@bix29 it seems that it's an OpenSSL issue, could you open a pull request to resolve this problem? And it seems that only OpenSSL 1.0.2 or a previous version has this problem.

IMO, this issue is caused by SslProvider always being JDK, instead of the provider selected in the upper-layer code, by default.

TlsHelper.java:

```java
if (tlsTestModeEnable) {  // default is true
    SelfSignedCertificate selfSignedCertificate = new SelfSignedCertificate();
    return SslContextBuilder
        .forServer(selfSignedCertificate.certificate(), selfSignedCertificate.privateKey())
        .sslProvider(SslProvider.JDK)   // always use jdk ssl
        .clientAuth(ClientAuth.OPTIONAL)
        .build();
} else { ...
```
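To show the point of the comment above in running code, here is an added example that is not RocketMQ's code and not the project's actual fix. It builds the same kind of Netty server `SslContext` as the snippet, but honours a provider choice instead of hard-coding `SslProvider.JDK`, and, when the JDK provider is used anyway, switches on the JSSE system property `jdk.tls.rejectClientInitiatedRenegotiation`, which makes the server refuse client-initiated renegotiation. The configuration key `tls.provider` and the method names are assumptions made for this example; the Netty classes (`SslContextBuilder`, `SslProvider`, `OpenSsl`, `SelfSignedCertificate`) are the real netty-handler API.

```java
import io.netty.handler.ssl.ClientAuth;
import io.netty.handler.ssl.OpenSsl;
import io.netty.handler.ssl.SslContext;
import io.netty.handler.ssl.SslContextBuilder;
import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.SelfSignedCertificate;

import javax.net.ssl.SSLException;
import java.security.cert.CertificateException;

public final class TlsProviderExample {

    // Map a configured name to a Netty SslProvider. "tls.provider" is a
    // hypothetical key chosen for this example, not a RocketMQ setting.
    static SslProvider selectProvider(String configured) {
        if ("openssl".equalsIgnoreCase(configured)) {
            if (OpenSsl.isAvailable()) {
                return SslProvider.OPENSSL;
            }
            // netty-tcnative is missing: say so loudly instead of silently
            // changing the TLS posture the operator asked for.
            System.err.println("OpenSSL provider requested but not available; falling back to JDK");
        }
        return SslProvider.JDK;
    }

    static SslContext buildServerContext(SslProvider provider)
            throws CertificateException, SSLException {
        if (provider == SslProvider.JDK) {
            // JSSE accepts client-initiated renegotiation unless told otherwise.
            // The property is read when the JSSE classes initialise, so it must be
            // set before the first SSLContext is created; passing it as a -D flag
            // at JVM startup is the more reliable option.
            System.setProperty("jdk.tls.rejectClientInitiatedRenegotiation", "true");
        }
        // Test-mode certificate, as in the original snippet.
        SelfSignedCertificate ssc = new SelfSignedCertificate();
        return SslContextBuilder
            .forServer(ssc.certificate(), ssc.privateKey())
            .sslProvider(provider)           // honour the selection instead of hard-coding JDK
            .clientAuth(ClientAuth.OPTIONAL)
            .build();
    }

    public static void main(String[] args) throws Exception {
        SslProvider provider = selectProvider(System.getProperty("tls.provider", "jdk"));
        SslContext ctx = buildServerContext(provider);
        System.out.println("SslContext built with provider " + provider
            + " (" + ctx.getClass().getSimpleName() + ")");
    }
}
```

Run with `-Dtls.provider=openssl` and netty-tcnative on the classpath to get an OpenSSL-backed context; without it the code falls back to JDK and prints the fallback warning. Whichever provider ends up in use, the check a scanner performs for CVE-2011-1473 is simply whether a client-triggered renegotiation is accepted, so the effective mitigation is verified by the provider's renegotiation behaviour, not by the provider name alone.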

@duhenglucky duhenglucky added this to the 4.8.0 milestone Mar 12, 2020
vongosling pushed a commit that referenced this issue Mar 11, 2021
vongosling added a commit that referenced this issue May 19, 2021
* [ISSUE #1233] Fix CVE-2011-1473

* fix Multiple instances in the same application share MQClientInstance

* [ISSUE #2748] Fix deleteSubscriptionGroup not remove consumer offset

* [ISSUE #2745] Changed the support time of the request/reply feature to 4.6.0.

Co-authored-by: von gosling <vongosling@apache.org>

* [ISSUE #2729] Replace with Math.min method call

* [ISSUE #2801] Fix NamesrvAddr cannot set in Producer

* [ISSUE 2800] optimize: the spelling of topicSynFlag

Co-authored-by: ph3636 <tianxingguang@kanzhun.com>

* [ISSUE #2803] Fix the endpoint cannot get instanceId without http (#2804)

* fix the endpoint cannot get instanceId without http

* fix the endpoint cannot get instanceId without http

* add unit test

* add unit test

* add unit test

Co-authored-by: panzhi33 <wb-pz502261@alibaba-inc.com>

* fix messageArrivingListener NPE

* [ISSUE #2538]Optimize log output when message trace saving fails

* [ISSUE #2811] Fix the wrong topic was consumed in the DefaultMessageStoreTest test program

* [ISSUE #2821] Overriding the ServiceThread#shutdown in HAClient class

* [ISSUE #2805] remove redundant package imports

* [ISSUE #2833] Support trace for TranscationProducer (#2834)

* [ISSUE #2732] Fix message loss problem when rebalance with LitePullConsumer (#2832)

* [ISSUE #2732] Fix message loss problem when rebalance with LitePullConsumer

* Fix message loss problem when rebalance with LitePullConsumer, update 2

* [ISSUE #2846]fix -E might not port to other systems

* fix some nonconformity after checkstyle

* Support OpenTracing(#2861)

* [ISSUE #2872] remove log files created by integration test when mvn clean

* [ISSUE #2872] move log files created by integration test to target dir

* Change log level to debug: "Half offset {} has been committed/rolled back"

* Fix unit test stability

Bump mockito-core to 3.10.0, remove powermock dependency, suppress useless logging

* [ISSUE #2898] Resolve rocketmq-example project failed during checkstyle execution (#2899)

Co-authored-by: SSpirits <shadowyspirits@outlook.com>
Co-authored-by: panzhi33 <wb-pz502261@alibaba-inc.com>
Co-authored-by: panzhi <panzhi33@qq.com>
Co-authored-by: ArronHuang <41609451+ArronHuang@users.noreply.github.com>
Co-authored-by: von gosling <vongosling@apache.org>
Co-authored-by: drgnchan <40224023+drgnchan@users.noreply.github.com>
Co-authored-by: zhangjidi2016 <zhangjidi@cmss.chinamobile.com>
Co-authored-by: ph3636 <38041490+ph3636@users.noreply.github.com>
Co-authored-by: ph3636 <tianxingguang@kanzhun.com>
Co-authored-by: BurningCN <1015773611@qq.com>
Co-authored-by: francis lee <francislee.cn@outlook.com>
Co-authored-by: 灼华 <43363120+BurningCN@users.noreply.github.com>
Co-authored-by: yuz10 <845238369@qq.com>
Co-authored-by: huangli <areyouok@gmail.com>
Co-authored-by: chenrl <raymond2366@outlook.com>
Co-authored-by: ayanamist <ayanamist@gmail.com>
Co-authored-by: zhangjidi2016 <1017543663@qq.com>
GenerousMan pushed a commit to GenerousMan/rocketmq that referenced this issue Aug 12, 2022
pulllock pushed a commit to pulllock/rocketmq that referenced this issue Oct 19, 2023
4 participants