[Date Prev][Date Next] [Chronological] [Thread] [Top]

(ITS#8611) Option to block SSL renegotation after X attempts

Full_Name: Quanah Gibson-Mount
Version: 2.4.44
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (

Using SSL renegotiation is a common form of DoS attack against services.  It
should be possible to configure the max # of times a client can request the
server renegotiate the SSL layer before being dropped.  Alternatively, an option
to completely disable SSL renegotiation in the slapd configuration may also be