New denial of service tool knocks out encrypting servers

Eric Griffith egriffith92 at gmail.com
Wed Oct 26 02:58:33 UTC 2011


http://www.h-online.com/security/news/item/New-denial-of-service-tool-knocks-out-encrypting-servers-1366564.html

I link the article to make sure everyone see's it; but also to frame a
question. The "Fix" seems to be to simply disable SSL-Renegotiation so
that its not hammered over and over. The question: How do you disable
SSL Renegotiation on Nginx? I tried googling "Nginx Disable SSL
Renegotiation" but all that came back was patches to add the ability
TO disable it in Nginx, no actual config option. Anyone know?



More information about the nginx mailing list