Renegotiation vulnerability (CVE-2011-1473) in OpenSSL 1.0.2
Manish Patidar
mann.patidar at gmail.com
Tue Sep 26 16:56:12 UTC 2023
Hi
Our product is using OpenSSL 1.0.2 , one of the vulnerability scan tool
reported vulnerability : CVE-2011-1473.
Vulnerability description:
Opensl doesn't properly restrict client-initiated renegotiation within
the SSL and TLS protocols, which might make it easier for remote attackers
to cause a denial of service (CPU consumption) by performing many
renegotiations within a single connection.
Only solution available for this vulnerability, is to disable
renegotiation using SSL_OP_NO_RENEGOTIATION option. But this option is not
available in the OpenSSL 1.0.2 version.
Any suggestions, how to fix this vulnerability in OpenSSL 1.0.2 version.
Regards
Manish
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://mta.openssl.org/pipermail/openssl-users/attachments/20230926/a5c88657/attachment.htm>
More information about the openssl-users
mailing list