On 3/3/2010 2:00 PM, Mladen Turk wrote: > > Right, and I'm afraid if SSLInsecureRenegotiation (default) isn't set > while compiled with 0.9.8m one can easily create an DoS attack.
Stop. I can accomplish the same within the confines of the Timeout limitation by connecting to the server, sending an OPTIONS line, and not completing the request headers. The effect is the same. Please don't abuse words like DoS to describe utilization. Of course IE and Firefox, Opera and Safari are all DoS tools. It's called consuming server resources :)
