
(ITS#8611) Option to block SSL renegotiation after X attempts



Full_Name: Quanah Gibson-Mount
Version: 2.4.44
OS: N/A
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (47.208.148.26)


Using SSL renegotiation is a common form of DoS attack against services.  It
should be possible to configure the max # of times a client can request the
server renegotiate the SSL layer before being dropped.  Alternatively, an option
to completely disable SSL renegotiation in the slapd configuration may also be
desirable.
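
The two behaviours requested above (a per-connection cap, and a complete disable), as an added example that is not OpenLDAP code and not part of the original report. All names here (`conn_tls_state`, `max_reneg`, the `RENEG_*` values) are hypothetical, and the code assumes the TLS library reports each handshake start to the server, as OpenSSL's info callback does with `SSL_CB_HANDSHAKE_START`.

```c
#include <stdio.h>

/* Hypothetical policy values, not existing slapd settings. */
#define RENEG_UNLIMITED (-1) /* never drop a client for renegotiating */
#define RENEG_DISABLED  0    /* drop on the first renegotiation request */

typedef enum { CONN_KEEP, CONN_DROP } verdict_t;

/* Per-connection state, zeroed when the connection is accepted. */
typedef struct {
    int max_reneg;  /* configured limit (hypothetical option) */
    int handshakes; /* handshake starts seen, initial one included */
    int dropped;    /* sticky: a dropped connection stays dropped */
} conn_tls_state;

/* Call once per handshake-start event from the TLS library. The first
 * event is the initial handshake; each later one is a renegotiation. */
verdict_t conn_tls_on_handshake_start(conn_tls_state *c)
{
    if (c->dropped)
        return CONN_DROP;
    if (c->max_reneg < 0)
        return CONN_KEEP; /* unlimited: nothing to count */
    c->handshakes++;
    if (c->handshakes - 1 > c->max_reneg) {
        c->dropped = 1;   /* caller closes the connection */
        return CONN_DROP;
    }
    return CONN_KEEP;
}

/* Feed `events` handshake starts to a fresh connection (constructed
 * input); return the 1-based event that is dropped, or 0 if none. */
int first_dropped_event(int max_reneg, int events)
{
    conn_tls_state c = { max_reneg, 0, 0 };
    for (int i = 1; i <= events; i++)
        if (conn_tls_on_handshake_start(&c) == CONN_DROP)
            return i;
    return 0;
}

int main(void)
{
    printf("cap 3 -> event %d, disabled -> event %d\n",
           first_dropped_event(3, 10), first_dropped_event(RENEG_DISABLED, 10));
    return 0;
}
```

Keeping the counter per connection means a client that reconnects starts again at zero, so a cap like this bounds renegotiation cost per connection only.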