TLS Renegotiation and Denial of Service Attacks

Discussion in 'Security' started by gkgcpanel, Nov 1, 2011.

  1. gkgcpanel

    The following article was published yesterday.

    http://blog.ivanristic.com/2011/10/tls-renegotiation-and-denial-of-service-attacks.html

    Is there a way to disable the client-initiated renegotiation in cPanel?
     
  2. gkgcpanel

    Bump...

    Anyone??
     
  3. storminternet

    Have you checked SSL renegotiation as explained at http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html?

    If the command produces an error, then it means that renegotiation failed. However, if it works and gives the following output, then it means that renegotiation is enabled on the server.

    In my view it is better to upgrade OpenSSL to version 0.9.8m or higher if you receive the above output.
     
    #3 storminternet, Nov 11, 2011
    Last edited: Nov 11, 2011
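
The interpretation rule described in the post above (error after the renegotiation request means refused, a repeated handshake means enabled), as an added example that is not part of the original thread. It classifies a saved `openssl s_client` transcript; the capture command in the comment, the function name and both sample transcripts are assumptions constructed for illustration.

```shell
#!/bin/sh
# Classify a saved `openssl s_client` transcript read from stdin.
# Assumed capture command (against a server you administer; HOST is a placeholder):
#   (printf 'R\n'; sleep 2) | openssl s_client -connect HOST:443 > transcript.txt 2>&1
# An "R" at the start of an input line makes s_client request a renegotiation.
classify_reneg() {
    awk '
        /Secure Renegotiation IS NOT supported/ { rfc5746 = "no" }
        /Secure Renegotiation IS supported/     { rfc5746 = "yes" }
        /^RENEGOTIATING/                        { seen = 1; next }
        seen && /:error:/                       { refused = 1 }
        seen && /verify return|^HTTP/           { accepted = 1 }
        END {
            if (rfc5746 == "") rfc5746 = "unknown"
            if (!seen)         result = "not-attempted"
            else if (refused)  result = "refused"
            else if (accepted) result = "accepted"
            else               result = "inconclusive"
            print result " secure-reneg=" rfc5746
        }'
}

# Constructed sample: the server rejects the client-initiated renegotiation.
sample_refused() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Secure Renegotiation IS supported
---
RENEGOTIATING
28594:error:1409E0E5:SSL routines:SSL3_WRITE_BYTES:ssl handshake failure:s3_pkt.c:530:
EOF
}

# Constructed sample: the handshake repeats and the session carries on.
sample_accepted() {
    cat <<'EOF'
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Secure Renegotiation IS NOT supported
---
RENEGOTIATING
depth=0 CN = www.example.com
verify return:1
EOF
}

sample_refused  | classify_reneg
sample_accepted | classify_reneg
```

An `accepted` result is the case the thread is concerned with; `secure-reneg` reports separately whether s_client saw the RFC 5746 secure renegotiation extension.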
  4. gkgcpanel

    Thanks. That worked fine, and renegotiation failed.
     
  5. minosjl

    Hi,

    I have read the blog you have given and I can see that the above-mentioned issue will not happen if we have compiled mod_ssl with OpenSSL version 0.9.8m or later. You can view this in the post below. Please recompile your Apache with mod_ssl using EasyApache and check it over the site.

    ----------------
    Apache HTTP Server Project
    -------------
     