Breaking change 48513: Add a new allowLegacyUnsafeRenegotiation property to SecurityContext

Brian Quinlan

Mar 4, 2022, 9:03:38 PM
to anno...@dartlang.org
Discussion here: https://github.com/dart-lang/sdk/issues/48513

Change

I propose that we add a new boolean allowLegacyUnsafeRenegotiation property to SecurityContext.

If set, it would allow client sockets to renegotiate TLS connections if requested to by the server (see #47841).

Rationale

The SecurityContext API is already property based and implementing this as a constructor argument would be inconsistent with the rest of the API (where the only constructor argument is one that cannot be logically set after construction). Also, parameterizing all future functionality as constructor arguments does not seem scalable.

Impact

All classes that implement SecurityContext (without extends Mock or an equivalent noSuchMethod implementation) will need to be updated.

There are no such classes in Dart or at Google.

Mitigation

Users must implement the allowLegacyUnsafeRenegotiation property.
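
An added example, not part of the original post or of the Dart SDK: because the setting is a property of a SecurityContext, the opt-in can be confined to one dedicated context used only for a known legacy server, while every other connection keeps a client with renegotiation disabled. The host name `legacy.example.internal` and the helper names are assumptions made for illustration.

```dart
import 'dart:io';

// Hypothetical host: the one legacy server that still requests TLS
// renegotiation. All other hosts use the default client.
const legacyHost = 'legacy.example.internal';

// Default client: renegotiation stays disabled.
final HttpClient defaultClient = HttpClient();

// Dedicated client whose context opts in to legacy renegotiation.
// The setting is per-context, so it does not affect defaultClient.
final HttpClient legacyClient = _buildLegacyClient();

HttpClient _buildLegacyClient() {
  final context = SecurityContext(withTrustedRoots: true)
    ..allowLegacyUnsafeRenegotiation = true;
  return HttpClient(context: context);
}

/// Picks the client by exact host match so the unsafe setting cannot be
/// reached through a look-alike or sub-domain name.
HttpClient clientFor(Uri url) =>
    url.host == legacyHost ? legacyClient : defaultClient;

/// Fetches [url] over HTTPS with the client selected for its host and
/// returns the HTTP status code.
Future<int> fetchStatus(Uri url) async {
  if (url.scheme != 'https') {
    throw ArgumentError.value(url, 'url', 'only https URLs are accepted');
  }
  final request = await clientFor(url).getUrl(url);
  final response = await request.close();
  await response.drain<void>();
  return response.statusCode;
}

void main() {
  // Constructed sample URLs; no network traffic is generated here.
  for (final raw in [
    'https://legacy.example.internal/status',
    'https://legacy.example.internal.evil.test/status',
    'https://api.example.com/status',
  ]) {
    final url = Uri.parse(raw);
    final usesLegacy = identical(clientFor(url), legacyClient);
    print('${url.host}: renegotiation allowed = $usesLegacy');
  }
}
```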
