[openssl-dev] [RFC PATCH] doc/ssl: describe the possible DoS via repeated SSL session re-negotiation

Sebastian Andrzej Siewior openssl-dev at ml.breakpoint.cc
Tue Aug 9 19:18:58 UTC 2016


On 2016-08-08 20:16:58 [+0000], Viktor Dukhovni wrote:
> On Mon, Aug 08, 2016 at 08:57:26PM +0200, Sebastian Andrzej Siewior wrote:
> > support for re-negotiation request from the client. From looking around,
> > nginx for instance does not support renegotiation from client's side.
> 
> Postfix supports rate limiting new session creation:
> 
>     http://www.postfix.org/postconf.5.html#smtpd_client_new_tls_session_rate_limit
> 
> Other servers can implement similar resource limits as appropriate.

I don't really know what I am supposed to do with this information. Do
you want me to add this as an example into the doc patch or do you
simply point out that others already took precautions?

Sebastian

