You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@mina.apache.org by "Jonathan Valliere (JIRA)" <ji...@apache.org> on 2019/05/24 13:59:00 UTC
[jira] [Updated] (DIRMINA-939) Disable SSL Renegotiation to prevent
Denial of Service
[ https://issues.apache.org/jira/browse/DIRMINA-939?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Jonathan Valliere updated DIRMINA-939:
--------------------------------------
Summary: Disable SSL Renegotiation to prevent Denial of Service (was: SSL Renegotiation DOS)
> Disable SSL Renegotiation to prevent Denial of Service
> ------------------------------------------------------
>
> Key: DIRMINA-939
> URL: https://issues.apache.org/jira/browse/DIRMINA-939
> Project: MINA
> Issue Type: Bug
> Components: Core
> Reporter: Yannick Lecaillez
> Assignee: Jonathan Valliere
> Priority: Major
> Fix For: 2.0.14
>
> Attachments: mina-core.patch
>
>
> More information:
> http://www.ietf.org/mail-archive/web/tls/current/msg07553.html
> SSLFilter is subject to this issue since it allows client renegotiation.
> Test: http://blog.ivanristic.com/2009/12/testing-for-ssl-renegotiation.html
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)