Hello All,
We have openssl 0.9.8r on our Linux Server.
A Nessus security scan on our Linux server tells us that we may be
vulnerable to a potential DoS due to the SSL/TLS Renegotiation
Vulnerability [CVE-2011-1473].
The suggestions of mitigating these (we believe) are:
1. Disable Re-Negotiation completely. {We CANNOT use this choice,
because our system does need to allow Re-Negotiation in some cases. So
NOT an option for us}
2. "Rate-Limit" Re-Negotiations.
Can someone please provide detailed information/guidance about exactly
how to go about "Rate-Limiting" Re-Negotiation requests on the Linux
Server? Pointing to a detailed article would also be helpful.
Thanks a bunch in advance.
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [email protected]
Automated List Manager [email protected]
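One way to rate-limit client-initiated renegotiations on the server side, as an added example that is not from the poster or from the OpenSSL project: keep a small per-connection sliding window of renegotiation start times, and refuse any attempt that would exceed a policy such as "at most 3 renegotiations per 60 seconds" (both numbers are assumed; tune them to your application). The limiter itself is plain C and compiles without OpenSSL; the wiring into OpenSSL's info callback (`SSL_CTX_set_info_callback`, `SSL_CB_HANDSHAKE_START`, `SSL_CB_HANDSHAKE_DONE`, and an ex_data slot from `SSL_get_ex_new_index`) is under `#ifdef USE_OPENSSL`. The info callback cannot abort a handshake on its own, so the callback sets a `kill` flag and the application is expected to close the connection when its next `SSL_read`/`SSL_write` returns; the names `renego_limit_install`, `renego_limit_attach` and the field names are this example's own.

```c
/* Added example: per-connection TLS renegotiation rate limiter.
 * Core logic is plain C; OpenSSL wiring is compiled only with -DUSE_OPENSSL. */
#include <string.h>
#include <time.h>

#define RENEGO_MAX_PER_WINDOW 3   /* assumed policy: renegotiations per window */
#define RENEGO_WINDOW_SECS    60  /* assumed policy: window length in seconds */

/* Ring buffer of the most recent renegotiation start times for one connection. */
struct renego_limiter {
    time_t stamps[RENEGO_MAX_PER_WINDOW];
    int count;         /* valid entries in stamps */
    int next;          /* ring index of the oldest entry */
    long rejected;     /* attempts refused so far (for logging/metrics) */
    int initial_done;  /* set once the first handshake completes */
    int kill;          /* set when the application should close the connection */
};

void renego_limiter_init(struct renego_limiter *rl) { memset(rl, 0, sizeof *rl); }

/* Record a renegotiation attempt at time `now`.
 * Returns 1 if it is within policy, 0 if the window is full and it must be refused. */
int renego_allow(struct renego_limiter *rl, time_t now)
{
    if (rl->count == RENEGO_MAX_PER_WINDOW) {
        time_t oldest = rl->stamps[rl->next];
        if (now - oldest < RENEGO_WINDOW_SECS) {
            rl->rejected++;          /* RENEGO_MAX attempts already inside the window */
            return 0;
        }
        rl->stamps[rl->next] = now;  /* oldest entry expired: reuse its slot */
        rl->next = (rl->next + 1) % RENEGO_MAX_PER_WINDOW;
        return 1;
    }
    rl->stamps[(rl->next + rl->count) % RENEGO_MAX_PER_WINDOW] = now;
    rl->count++;
    return 1;
}

/* Drive a fresh limiter over a constructed sequence of attempt times (seconds);
 * returns how many attempts were refused. Used for stand-alone checking. */
long renego_simulate(const time_t *times, int n)
{
    struct renego_limiter rl;
    int i;
    renego_limiter_init(&rl);
    for (i = 0; i < n; i++)
        renego_allow(&rl, times[i]);
    return rl.rejected;
}

#ifdef USE_OPENSSL
#include <openssl/ssl.h>

static int renego_ex_idx = -1;   /* ex_data slot holding the connection's limiter */

static void renego_info_cb(const SSL *ssl, int where, int ret)
{
    struct renego_limiter *rl = SSL_get_ex_data(ssl, renego_ex_idx);
    (void)ret;
    if (rl == NULL)
        return;
    if (where & SSL_CB_HANDSHAKE_DONE) {
        rl->initial_done = 1;        /* later HANDSHAKE_STARTs are renegotiations */
    } else if ((where & SSL_CB_HANDSHAKE_START) && rl->initial_done) {
        if (!renego_allow(rl, time(NULL)))
            rl->kill = 1;            /* application closes the socket after the current call */
    }
}

/* Call once after SSL_CTX_new(): reserve the ex_data slot and install the callback. */
void renego_limit_install(SSL_CTX *ctx)
{
    if (renego_ex_idx < 0)
        renego_ex_idx = SSL_get_ex_new_index(0, "renego limiter", NULL, NULL, NULL);
    SSL_CTX_set_info_callback(ctx, renego_info_cb);
}

/* Call per connection after SSL_new(), passing a limiter owned by that connection. */
void renego_limit_attach(SSL *ssl, struct renego_limiter *rl)
{
    renego_limiter_init(rl);
    SSL_set_ex_data(ssl, renego_ex_idx, rl);
}
#endif
```

In the application's I/O loop, check `rl->kill` after each `SSL_read`/`SSL_write` on the connection and, when set, log the peer and tear the connection down; the `rejected` counter gives you a per-connection metric to alert on. Because the limiter is keyed per connection, a client that opens many connections is still bounded by whatever per-IP connection limit the server or firewall already applies; the renegotiation limiter only closes the "many renegotiations on one connection" avenue that the Nessus finding describes.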