Add a new allowLegacyUnsafeRenegotiation property to SecurityContext #48513

Closed
brianquinlan opened this issue Mar 5, 2022 · 5 comments
Labels
area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. enhancement-breaking-change An enhancement which is breaking. library-io

Comments

@brianquinlan
Contributor

brianquinlan commented Mar 5, 2022

Change

I propose that we add a new boolean allowLegacyUnsafeRenegotiation property to SecurityContext.

If set, it would allow client sockets to renegotiate TLS connections if requested to by the server (see #47841).

Rationale

The SecurityContext API is already property based and implementing this as a constructor argument would be inconsistent with the rest of the API (where the only constructor argument is one that cannot be logically set after construction). Also, parameterizing all future functionality as constructor arguments does not seem scalable.

Impact

All classes that implement SecurityContext (without extends Mock or equivalent noSuchMethod implementation) will need to be updated.

There are no such classes in Flutter or at Google.

Mitigation

Users must implement the allowLegacyUnsafeRenegotiation property.

@brianquinlan brianquinlan added library-io enhancement-breaking-change An enhancement which is breaking. labels Mar 5, 2022
@brianquinlan brianquinlan self-assigned this Mar 5, 2022
@lrhn lrhn added the area-core-library SDK core library issues (core, async, ...); use area-vm or area-web for platform specific libraries. label Mar 6, 2022
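
An added example, not part of the original issue and not the Dart SDK's own code: one way a client could scope the proposed property so that renegotiation is enabled only for servers known to need it, while every other connection keeps a context with the property unset. The host names, the allowlist and the `contextFor` helper are hypothetical.

```dart
import 'dart:io';

// Hypothetical allowlist: legacy servers known to request TLS renegotiation.
const legacyRenegotiationHosts = {'legacy.example.internal'};

/// Builds a separate SecurityContext per host so the unsafe setting
/// never leaks into connections that do not need it.
SecurityContext contextFor(String host) {
  final context = SecurityContext(withTrustedRoots: true);
  // The boolean property proposed in this issue. It is set only for
  // allowlisted hosts and left untouched for everything else.
  if (legacyRenegotiationHosts.contains(host)) {
    context.allowLegacyUnsafeRenegotiation = true;
  }
  return context;
}

void main() {
  // Constructed sample hosts; no network traffic is generated here.
  for (final host in ['legacy.example.internal', 'api.example.com']) {
    final context = contextFor(host);
    print('$host allowLegacyUnsafeRenegotiation='
        '${context.allowLegacyUnsafeRenegotiation}');

    // An HttpClient built from this context applies the setting to the
    // TLS connections it opens, e.g. client.getUrl(Uri.https(host, '/')).
    final client = HttpClient(context: context);
    client.close();
  }
}
```

Keeping the allowlist in one reviewed place makes it easy to audit which endpoints still depend on renegotiation and to remove them as the servers are upgraded.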
@brianquinlan
Contributor Author

brianquinlan commented Mar 19, 2022

Devon has limited bandwidth so I'll ask for sign-off directly (counter to process):

@vsmenon, @Hixie, and @grouma - can you review and sign off for Dart, Flutter, and AngularDart respectively? Thanks!

@grouma
Member

grouma commented Mar 21, 2022

I could not find any usages of SecurityContext in AngularDart. In fact the only usages of implements SecurityContext I could find were in the SDK.

@Hixie
Contributor

Hixie commented Mar 22, 2022

Fine by me.

@vsmenon
Member

vsmenon commented Mar 26, 2022

lgtm

@brianquinlan
Contributor Author

Fixed in c286b76
