[
https://issues.apache.org/jira/browse/DIRMINA-939?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13612765#comment-13612765
]
Yannick Lecaillez commented on DIRMINA-939:
-------------------------------------------
Note that some people does not even consider that as being an attack at all.
The point is that some security tools (like nessus) contains check in regards
of this DoS and produce a warning report if you accept
such behavior.
> SSL Renegotiation DOS
> ---------------------
>
> Key: DIRMINA-939
> URL: https://issues.apache.org/jira/browse/DIRMINA-939
> Project: MINA
> Issue Type: Bug
> Components: Core
> Reporter: Yannick Lecaillez
> Attachments: mina-core.patch
>
>
> More information:
> http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
> SSLFilter is subject to this issue since it allows client renegotiation.
> Test: http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
