[openssl-dev] [RFC PATCH] doc/ssl: describe the possible DoS via repeated SSL session re-negotiation

Hubert Kario hkario at redhat.com
Thu Aug 11 16:04:41 UTC 2016


On Thursday, 11 August 2016 13:50:53 CEST Sebastian Andrzej Siewior wrote:
> On 2016-08-11 11:34:24 [+0200], Hubert Kario wrote:
> > it all depends on the environment, in some renegotiation is completely
> > unnecessary (public HTTP servers without client certificate based
> > authentication), in others just client-initiated renegotiation is needed
> > (typical configuration for HTTP with client certificates), while in other
> 
> Is this renegotiation (in this case) triggered by the client or by the
> server? I have here access to a few servers which require client certs
> and they don't support renegotiation (triggered by the client) right
> after connect.

in this case the renegotiation is triggered by the server

-- 
Regards,
Hubert Kario
Senior Quality Engineer, QE BaseOS Security team
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic