You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@mina.apache.org by "Jonathan Valliere (JIRA)" <ji...@apache.org> on 2019/05/24 13:59:00 UTC

[jira] [Updated] (DIRMINA-939) Disable SSL Renegotiation to prevent Denial of Service

     [ https://issues.apache.org/jira/browse/DIRMINA-939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jonathan Valliere updated DIRMINA-939:
--------------------------------------
    Summary: Disable SSL Renegotiation to prevent Denial of Service  (was: SSL Renegotiation DOS)

> Disable SSL Renegotiation to prevent Denial of Service
> ------------------------------------------------------
>
>                 Key: DIRMINA-939
>                 URL: https://issues.apache.org/jira/browse/DIRMINA-939
>             Project: MINA
>          Issue Type: Bug
>          Components: Core
>            Reporter: Yannick Lecaillez
>            Assignee: Jonathan Valliere
>            Priority: Major
>             Fix For: 2.0.14
>
>         Attachments: mina-core.patch
>
>
> More information:
> http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
> SSLFilter is subject to this issue since it allows client renegotiation.
> Test: http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)