Daniel Micay on Twitter: "@4Dgifts It's not really as bad as it seems. It's a vulnerability in an obsolete feature already widely disabled as a best practice. https://t.co/Vnw2iKIpkq It's one of the things checked by https://t.co/Qet4VLaYOa and other free, publicly available security scanning tools." / Twitter

Replying to

It's not really as bad as it seems. It's a vulnerability in an obsolete feature already widely disabled as a best practice. twitter.com/DanielMicay/st It's one of the things checked by internet.nl and other free, publicly available security scanning tools.

Quote Tweet

Daniel Micay

@DanielMicay

Mar 25, 2021

Replying to @DanielMicay and @FiloSottile

Client-initiated renegotiation is disabled by default in nginx since November 2009. It should be disabled elsewhere too and should really be disabled by default in a future major version OpenSSL. It's unnecessary attack surface and has been known to be for a very long time.

5:44 PM · Mar 25, 2021Twitter Web App

Conversation