OpenSslEngine should not call SSL_set_state
OpenSslEngine currently calls SSL_set_state(SSL_ST_ACCEPT) during the renegotiation process. The OpenSSL team has advised against this [1]. We should investigate and avoid calling SSL_ST_ACCEPT if possible.
[1] https://github.com/openssl/openssl/issues/2551#issuecomment-277644153
Issue Analytics
- Created 7 years ago
- Reactions:2
- Comments:5 (3 by maintainers)
@Scottmitch I wonder if we should just remove the support for renegotiation as it's risky business anyway. This would also allow us to just drop set_state usage and so support openssl 1.1.x. WDYT?
@carl-mastrangelo @ejona86 @nmittler WDYT as well?
OpenSSL 1.1.0e cannot be used in netty-tcnative, because SSL_set_state no longer exists in OpenSSL since 1.1.0 (https://github.com/netty/netty-tcnative/issues/263). Given that OpenSSL 1.1.1 (hopefully) supports TLS 1.3, it seems worthwhile to remove usage of SSL_set_state.