TLS Renegotiation and Denial of Service Attacks

[gkgcpanel]

The following article was published yesterday.

/http://blog.ivanristic.com/2011/10/tls-renegotiation-and-denial-of-service-attacks.html

Is there a way to disable the client-initiated renegotiation in cpanel?

[gkgcpanel]

Bump...

Anyone??

[storminternet]

Bump...

Anyone??

Have you checked ssl renegotiation explained at "http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html"

If command produce an error then it means that renegotiation failed. However if it work and gives following output then it means that renegotiation is enabled on server

SSL handshake has read 3440 bytes and written 435 bytes
---
New, TLSv1/SSLv3, Cipher is RC4-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported

In my view it is better to upgrade openssl version to 0.9.8m or higher version if you receive above output.

[gkgcpanel]

Have you checked ssl renegotiation explained at "http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html"

If command produce an error then it means that renegotiation failed. However if it work and gives following output then it means that renegotiation is enabled on server



In my view it is better to upgrade openssl version to 0.9.8m or higher version if you receive above output.

Thanks. That worked fine, and renegotiation failed.

[minosjl]

hi,

I have read the blog you have given and i can see that the above mention issue will not happen if we have compiled mod_ssl with OpenSSL version 0.9.8m or later.You can view this in the below post.Please recompile your apache with mod_ssl using easyapache and check it over the the site.

----------------
Apache HTTP Server Project
-------------