From: kemal
Date: Wed, 25 Jan 2023 16:19:59 +0000
To: 9front@9front.org
Subject: Re: [9front] [PATCH] libsec: add minimal support for the tls renegotiation extension
Reply-To: 9front@9front.org

2023-01-23 13:16 GMT, hiro <23hiro@gmail.com>:
> did you try explaining this to "The OpenSSL developers" ?
>
> also, is there no way in openssl to turn off this behavior?
>
> it seems like an industry-wide sabotage effort.

i'd like to add to the discussion that i encountered this problem months ago, but with a custom firefox config:

https://github.com/arkenfox/user.js/blob/master/user.js#L423

i solved this "problem" by just disabling that setting, but it's confusing that openssl adopted this practice too. i don't get the point.

2023-01-24 0:16 GMT, hiro <23hiro@gmail.com>:
> also, maybe it's enough if we stop supporting tls1.2 ?
> maybe tls1.1 and tls1.3 can be set up in a safe enough way already?

that's a terrible idea, there are lots of clients that still don't have tls 1.3, and tls 1.2 introduces tons of features that make it more secure than 1.1/1.0

plus someone would have to implement 1.3 :)