[pkg-lighttpd] Client-initiated renegotiation

Arno Töll debian at toell.net
Thu Dec 22 12:40:22 UTC 2011



On 21.12.2011 11:43, Olaf van der Spek wrote:
> According to ssllabs.com, Lighttpd has client-initiated renegotiation enabled.
> It seems it's recommended to disable this. How does one disable this
> in Lighttpd and wouldn't it be a good idea to disable it by default?

Not sure about the recommendation. I don't see it as a severe security
risk that would justify any action from us.

However, I agree with you and Lighttpd should have a switch to disable
that upon demand.

-- 
with kind regards,
Arno Töll
IRC: daemonkeeper on Freenode/OFTC
GnuPG Key-ID: 0x9D80F36D


