[stunnel-users] SSL renegotiation patch
Janusz Dziemidowicz
rraptorr at nails.eu.org
Thu Aug 2 21:01:41 CEST 2012
2012/6/27 Janusz Dziemidowicz <rraptorr at nails.eu.org>:
> Hi,
> since I couldn't find a better place I'm sending a simple patch that
> allows to disable SSL renegotiation here. Possible reasons for this:
> - famous renegotiation SSL flaw, patched in OpenSSL a long time ago,
> but not everyone can or want to upgrade OpenSSL
> - renegotiation makes some DoS attacks much easier (see
> http://www.thc.org/thc-ssl-dos/), regardless of it being a secure one
> or not
> - it is really not needed in many cases
>
> The approach is based on what is being done in Apache. The default is
> to allow renegotation, so there should be no surprises for anyone
> after upgrade. Patch applies on latest (4.54b4) stunnel beta. Feel
> free to comment:)
I was kinda hoping for some feedback and maybe inclusion of the patch
in the next stunnel release;) Or should I send it elsewhere?
--
Janusz Dziemidowicz
More information about the stunnel-users
mailing list