From d3c3f7c25e106220a9fcda7929a66a53adbf059b Mon Sep 17 00:00:00 2001 From: Simone Bordet Date: Fri, 11 Oct 2024 19:05:11 +0200 Subject: [PATCH] Fixes #12378 - Change default value for SslContextFactory.renegotiationAllowed to false. Signed-off-by: Simone Bordet --- .../java/org/eclipse/jetty/util/ssl/SslContextFactory.java | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java index ee5772c5d6c8..20725ff049a1 100644 --- a/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java +++ b/jetty-core/jetty-util/src/main/java/org/eclipse/jetty/util/ssl/SslContextFactory.java @@ -182,7 +182,7 @@ public abstract class SslContextFactory extends ContainerLifeCycle implements Du private SSLContext _setContext; private String _endpointIdentificationAlgorithm = "HTTPS"; private boolean _trustAll; - private boolean _renegotiationAllowed = true; + private boolean _renegotiationAllowed; private int _renegotiationLimit = 5; private Factory _factory; private PKIXCertPathChecker _pkixCertPathChecker; @@ -993,7 +993,7 @@ public void setTrustManagerFactoryAlgorithm(String algorithm) } /** - * @return whether TLS renegotiation is allowed (true by default) + * @return whether TLS renegotiation is allowed ({@code false} by default) */ @ManagedAttribute("Whether renegotiation is allowed") public boolean isRenegotiationAllowed()