What is the underlying problem you're trying to solve?
TLS renegotiation is disabled by default in OPA, and this can cause http.send to fail sometimes when interacting with servers using older TLS versions (like TLS 1.2). It'd be nice if we had an option on http.send that would allow selectively enabling that feature.
Example error:
"error": {
"code": "eval_http_send_network_error",
"message": "Get \"https://mydomain.example.com/path\": local error: tls: no renegotiation"
},
"status_code": 0
Describe the ideal solution
Add an option like tls_renegotiation, with options "never" (default), "once", and "freely", which would correspond to the underlying Golang TLS client config options.
Note: When using TLS 1.3, this option will be a no-op, due to lack of support for renegotiation requests from the server.
Describe a "Good Enough" solution
Same as above, but just a boolean toggle between never and once behavior.
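
Added example, not part of the original issue and not OPA's code: one way the proposed tls_renegotiation values could map onto Go's crypto/tls client settings, including the TLS 1.3 no-op case. The helper names parseRenegotiation and clientTLSConfig are hypothetical, and the option itself is only the issue's proposal.

```go
package main

import (
	"crypto/tls"
	"fmt"
	"net/http"
)

// Proposed option values from the issue mapped to Go's client-side settings.
// "tls_renegotiation" is the issue's proposal, not an existing OPA parameter.
var renegotiationModes = map[string]tls.RenegotiationSupport{
	"never":  tls.RenegotiateNever,
	"once":   tls.RenegotiateOnceAsClient,
	"freely": tls.RenegotiateFreelyAsClient,
}

// parseRenegotiation (hypothetical helper): empty keeps the default of
// "never"; unknown values are rejected instead of silently falling back.
func parseRenegotiation(opt string) (tls.RenegotiationSupport, error) {
	if opt == "" {
		return tls.RenegotiateNever, nil
	}
	mode, ok := renegotiationModes[opt]
	if !ok {
		return tls.RenegotiateNever, fmt.Errorf("invalid tls_renegotiation %q", opt)
	}
	return mode, nil
}

// clientTLSConfig (hypothetical helper) builds the per-request TLS config.
// noop is true when renegotiation was requested but the config only allows
// TLS 1.3, where the setting has no effect.
func clientTLSConfig(opt string, minVersion uint16) (cfg *tls.Config, noop bool, err error) {
	mode, err := parseRenegotiation(opt)
	if err != nil {
		return nil, false, err
	}
	noop = mode != tls.RenegotiateNever && minVersion >= tls.VersionTLS13
	return &tls.Config{MinVersion: minVersion, Renegotiation: mode}, noop, nil
}

func main() {
	cfg, noop, err := clientTLSConfig("once", tls.VersionTLS12)
	if err != nil {
		panic(err)
	}
	client := &http.Client{Transport: &http.Transport{TLSClientConfig: cfg}}
	fmt.Println(client.Transport != nil, cfg.Renegotiation == tls.RenegotiateOnceAsClient, noop)
}
```

The noop flag only reflects the configured minimum version; a connection that negotiates TLS 1.3 with a lower configured minimum also ignores the setting.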