From: hiro <23hiro@gmail.com>
Date: Fri, 20 Jan 2023 23:33:20 +0100
To: 9front@9front.org
Subject: Re: [9front] [PATCH] libsec: add minimal support for the tls renegotiation extension

if it got removed in TLS 1.3, what is the remaining (edge?) use case?

On 1/20/23, Anthony Martin wrote:
> hiro <23hiro@gmail.com> once said:
>> On 11/10/22, Anthony Martin wrote:
>> > OpenSSL 3.0 clients refuse to connect to servers that do not
>> > support the renegotiation extension (RFC 5746)
>>
>> why? what's the logic behind it?
>
> "It has been more than a decade since RFC 5746 was published,
> so there has been plenty of time for implementation support to
> roll out."
>
> - Benjamin Kaduk¹
>
> Remember, they continue to support renegotiation in TLS
> versions before 1.3 and it's insecure² without the RFC 5746
> mitigation. It was removed in TLS 1.3. The Plan 9 TLS code
> never supported it. Annoyance or clairvoyance? Who knows.
>
> Cheers,
> Anthony
>
> 1. https://github.com/openssl/openssl/commit/72d2670bd21becfa6a64bb03fa55ad82d6d0c0f3
> 2. https://mailarchive.ietf.org/arch/msg/tls/N7EcRpvK2ENs5IwWYv2p7nrUG8w/
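
The check a client makes for the RFC 5746 extension on an initial handshake, as an added example (not code from the patch, libsec, or OpenSSL): it scans a ServerHello extensions block for renegotiation_info (type 0xff01) and accepts only an empty renegotiated_connection. The function name `check_reneg_info` and the sample byte strings are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { EXT_RENEG_INFO = 0xff01 };	/* renegotiation_info extension type (RFC 5746) */

/* Constructed ServerHello extension blocks: 2-byte total length, then type/len/body. */
static const uint8_t with_ri[] = {0x00,0x05, 0xff,0x01, 0x00,0x01, 0x00};
static const uint8_t without_ri[] = {0x00,0x04, 0x00,0x17, 0x00,0x00};
static const uint8_t nonempty_ri[] = {0x00,0x06, 0xff,0x01, 0x00,0x02, 0x01,0xaa};

/* Returns 1 if a valid initial-handshake renegotiation_info is present,
 * 0 if the extension is absent (the case where, per the thread, an
 * OpenSSL 3.0 client refuses to connect), -1 if the block is malformed. */
int
check_reneg_info(const uint8_t *p, size_t n)
{
	size_t len;
	unsigned type;
	int seen = 0;

	if(n < 2)
		return n == 0 ? 0 : -1;	/* no extensions block at all */
	if(((size_t)p[0]<<8 | p[1]) != n - 2)
		return -1;		/* declared length must match the data */
	for(p += 2, n -= 2; n > 0; p += len, n -= len){
		if(n < 4)
			return -1;
		type = (unsigned)p[0]<<8 | p[1];
		len = (size_t)p[2]<<8 | p[3];
		p += 4, n -= 4;
		if(len > n)
			return -1;
		/* Body is opaque renegotiated_connection<0..255>; on an initial
		 * handshake it must be exactly the one length byte 0x00. */
		if(type == EXT_RENEG_INFO){
			if(seen || len != 1 || p[0] != 0)
				return -1;
			seen = 1;
		}
	}
	return seen;
}

int
main(void)
{
	printf("%d %d %d\n", check_reneg_info(with_ri, sizeof with_ri),
		check_reneg_info(without_ri, sizeof without_ri),
		check_reneg_info(nonempty_ri, sizeof nonempty_ri));
	return 0;
}
```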