Hi Patrick,

> While going through the Qualys SSL test  
> (https://www.ssllabs.com/ssltest), one of the items it mentions is a  
> DoS vulnerability in regards to client-side initiated SSL renegotiation  
> (https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks).
>   
> While researching the subject, it seems that the only reliable way to  
> mitigate the issue is in the server software. Apache has implemented  
> code to disable renegotiation. Would it be possible to add an option in  
> haproxy to disable it?

Looks like it's already disabled by default?

https://www.ssllabs.com/ssltest/analyze.html?d=demo.1wt.eu

---> Secure Client-Initiated Renegotiation: No
---> Insecure Client-Initiated Renegotiation: No



Regards,

Lukas

                                          
