https://bz.apache.org/bugzilla/show_bug.cgi?id=66225
--- Comment #1 from UVScan <[email protected]> --- If httpd does not check the return value of SSL_renegotiate(), it could cause a DoS attack. Since SSL renegotiation process needs many computing resources and the current httpd does not break the renegotiation process when the return value is 0 (for error), we can initiate many renegotiation requests to exhaust the resources of devices or services, causing a DoS attack. -- You are receiving this mail because: You are the assignee for the bug. --------------------------------------------------------------------- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
