How to disable SSL/TLS Client-Initiated Renegotiation #5753

N0tronic · 2021-09-15T17:08:26Z

N0tronic
Sep 15, 2021

Hey guys,

I found a vulnerability in my TLS check against the broker (Client-Initiated Renegotiation).
In the config file is an option to enable secure renegotiation but nothing for client-initiated-renegotiation.

Is that a known issue, or I only not found this option?

thx and greetings

Answered by zmstone

Sep 15, 2021

this is configurable in the ssl library, but we have not made it an option for EMQ X users.
https://erlang.org/doc/man/ssl.html#type-client_renegotiation

we'll look into it.

View full answer

zmstone · 2021-09-15T18:39:55Z

zmstone
Sep 15, 2021
Maintainer

this is configurable in the ssl library, but we have not made it an option for EMQ X users.
https://erlang.org/doc/man/ssl.html#type-client_renegotiation

we'll look into it.

1 reply

zmstone Sep 15, 2021
Maintainer

fixing it here: #5754

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

How to disable SSL/TLS Client-Initiated Renegotiation #5753

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment 1 reply

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{title}}

Uh oh!

Uh oh!

{{editor}}'s edit

{{editor}}'s edit

Uh oh!

Select a reply

Uh oh!

How to disable SSL/TLS Client-Initiated Renegotiation #5753

Uh oh!

N0tronic Sep 15, 2021

Replies: 1 comment · 1 reply

Uh oh!

zmstone Sep 15, 2021 Maintainer

Uh oh!

Uh oh!

zmstone Sep 15, 2021 Maintainer

N0tronic
Sep 15, 2021

Replies: 1 comment 1 reply

zmstone
Sep 15, 2021
Maintainer

zmstone Sep 15, 2021
Maintainer