10 Mar 2016, 1:23 p.m.
On 10.03.2016 12:40, Osiris wrote:
<snip/>
> That's just the question of Florent: how to disable Secure Client-Initiated Renegotiation.

Hi!
There is no way to disable this in OpenSSL, and the CVE you refer to has been disputed. Please see http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2011-1473 and https://www.openssl.org/docs/manmaster/ssl/SSL_CTX_set_options.html.
Without altering OpenSSL sources, secure renegotiations will take place.
Aki Tuomi
Dovecot Oy