Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

TLS/SSL Re-Negotiation Vulnerability [CVE-2011-1473]

7 views
Skip to first unread message

Hasan, Rezaul (NSN - US/Arlington Heights)

unread,
Dec 21, 2011, 1:40:38 PM12/21/11
to

Hello All,

We have openssl 0.9.8r on our Linux Server. Application thats used is httpd.

A Nessus security scan on our Linux server tells us that we may be vulnerable to a potential DOS due to SSL/TLS Renegotiation Vulnerability [CVE-2011-1473].

The suggestions of mitigating these (we believe) are:

1. Disable Re-Negotiation completely. {We CANNOT use this choice, because our system does need to allow Re-Negotiation in some cases. So NOT an option for us}

2. "Rate-Limit" Re-Negotiations.

Can someone please provide detailed information/guidance about exactly how to go about "Rate-Limiting" Re-Negotiation requests on the Linux Server? Pointing to a detailed article would also be helpful.

Thanks a bunch in advance.

0 new messages