-
Notifications
You must be signed in to change notification settings - Fork 30k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
src: set SSL_OP_ALLOW_CLIENT_RENEGOTIATION #38753
Conversation
This commit sets SSL_OP_ALLOW_CLIENT_RENEGOTIATION for OpenSSL 3.0 as this option is not set by default as it was in previous versions. Without this option set there are a few tests that fail when linked against OpenSSl 3.0.0-alpha-17, for example test-https-client-renegotiation-limit.js. I'm not sure we should be setting this for OpenSSL 3.0 or not, but I'll take a closer look at the implications but if nothing else this would allow for us to update to alpha-17 in the mean time.
I will say that for http2 and quic, having renegotiation disabled by default does make the most sense... so we might want to revisit this |
This commit updates the version of quictls/openssl to 3.0.0-beta1. This change will cause a test failure so it need to be coordinated with nodejs/node#38753.
This commit updates the version of quictls/openssl to 3.0.0-beta1. This change will cause a test failure so it needs to be coordinated with nodejs/node#38753.
This commit updates the version of quictls/openssl to 3.0.0-beta1. This change will cause a test failure so it needs to be coordinated with nodejs/node#38753.
I need to restart the containers after they rebuild (in progress) and then I'll start CI for this. |
Thanks! |
Re-run of failing node-test-commit-osx-arm ✔️ |
Landed in 1efa8fe...44e3822 |
This commit sets SSL_OP_ALLOW_CLIENT_RENEGOTIATION for OpenSSL 3.0 as this option is not set by default as it was in previous versions. Without this option set there are a few tests that fail when linked against OpenSSl 3.0.0-alpha-17, for example test-https-client-renegotiation-limit.js. I'm not sure we should be setting this for OpenSSL 3.0 or not, but I'll take a closer look at the implications but if nothing else this would allow for us to update to alpha-17 in the mean time. PR-URL: #38753 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Richard Lau <[email protected]>
This commit sets SSL_OP_ALLOW_CLIENT_RENEGOTIATION for OpenSSL 3.0 as this option is not set by default as it was in previous versions. Without this option set there are a few tests that fail when linked against OpenSSl 3.0.0-alpha-17, for example test-https-client-renegotiation-limit.js. I'm not sure we should be setting this for OpenSSL 3.0 or not, but I'll take a closer look at the implications but if nothing else this would allow for us to update to alpha-17 in the mean time. PR-URL: #38753 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Richard Lau <[email protected]>
This commit sets SSL_OP_ALLOW_CLIENT_RENEGOTIATION for OpenSSL 3.0 as this option is not set by default as it was in previous versions. Without this option set there are a few tests that fail when linked against OpenSSl 3.0.0-alpha-17, for example test-https-client-renegotiation-limit.js. I'm not sure we should be setting this for OpenSSL 3.0 or not, but I'll take a closer look at the implications but if nothing else this would allow for us to update to alpha-17 in the mean time. PR-URL: #38753 Reviewed-By: Anna Henningsen <[email protected]> Reviewed-By: James M Snell <[email protected]> Reviewed-By: Richard Lau <[email protected]>
This commit sets SSL_OP_ALLOW_CLIENT_RENEGOTIATION for OpenSSL 3.0 as
this option is not set by default as it was in previous versions.
Without this option set there are a few tests that fail when linked
against OpenSSl 3.0.0-alpha-17, for example test-https-client-renegotiation-limit.js.
I'm not sure we should be setting this for OpenSSL 3.0 or not, but I'll take
a closer look at the implications. If nothing else this would allow
for us to update to alpha-17 in the mean time.