[ https://issues.apache.org/jira/browse/TS-1467?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13874260#comment-13874260 ]
James Peach commented on TS-1467:
---------------------------------
Some review comments ...

{{SSLNetVConnection::allow_client_renegotiation}} is not used, so it can be
removed. Same goes for {{SSLNetVConnection::getSSLClientRenegotiationAbort()}}.

Rather than keeping the {{sslClientRenegotiationAbort}} flag, is it possible to
just call {{SSL_shutdown()}} from inside {{ssl_callback_info}}?

{{ssl_callback_info}} should be {{static}}.

> Do something about client initiated renegotiation (SSL) DDoS
> ------------------------------------------------------------
>
> Key: TS-1467
> URL: https://issues.apache.org/jira/browse/TS-1467
> Project: Traffic Server
> Issue Type: Bug
> Components: SSL
> Reporter: Leif Hedstrom
> Assignee: Bryan Call
> Fix For: 4.2.0
>
> Attachments: ts1467.diff
>
>
> https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks