New denial of service tool knocks out encrypting servers
Maxim Dounin
mdounin at mdounin.ru
Wed Oct 26 05:35:01 UTC 2011
Hello!
On Tue, Oct 25, 2011 at 10:58:33PM -0400, Eric Griffith wrote:
> http://www.h-online.com/security/news/item/New-denial-of-service-tool-knocks-out-encrypting-servers-1366564.html
>
> I link the article to make sure everyone sees it; but also to frame a
> question. The "Fix" seems to be to simply disable SSL-Renegotiation so
> that it's not hammered over and over. The question: How do you disable
> SSL Renegotiation on Nginx? I tried googling "Nginx Disable SSL
> Renegotiation" but all that came back was patches to add the ability
> TO disable it in Nginx, no actual config option. Anyone know?
Renegotiation is unconditionally disabled since nginx 0.8.23 /
0.7.64, see CHANGES:

Changes with nginx 0.8.23                                        11 Nov 2009

    *) Security: now SSL/TLS renegotiation is disabled.

Changes with nginx 0.7.64                                        16 Nov 2009

    *) Security: now SSL/TLS renegotiation is disabled.

Maxim Dounin
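
To check a set of hosts against the two CHANGES entries quoted above, the following added example (not part of the original message and not nginx project code) classifies version strings taken from `nginx -v` output or a Server header. The function names and sample lines are constructed for illustration, and it assumes branches after 0.8 inherit the change while branches before 0.7, which the message does not mention, do not.

```python
import re

# First releases with renegotiation disabled, per the CHANGES entries above.
FIXED = {(0, 7): 64, (0, 8): 23}
_VERSION_RE = re.compile(r"nginx/(\d+)\.(\d+)\.(\d+)")


def parse_version(text):
    """Extract (major, minor, patch) from `nginx -v` output or a Server header."""
    m = _VERSION_RE.search(text)
    if m is None:
        return None  # e.g. server_tokens off: no version exposed
    return tuple(int(part) for part in m.groups())


def renegotiation_disabled(version):
    """True if the release carries the change, False if it predates it."""
    branch, patch = version[:2], version[2]
    if branch in FIXED:
        return patch >= FIXED[branch]
    # Assumption: branches after 0.8 inherit the change; branches before
    # 0.7 are not mentioned in the message and are treated as lacking it.
    return branch > (0, 8)


def audit(lines):
    """Map each input line to 'ok', 'predates change' or 'no version'."""
    report = {}
    for line in lines:
        version = parse_version(line)
        if version is None:
            report[line] = "no version"
        else:
            ok = renegotiation_disabled(version)
            report[line] = "ok" if ok else "predates change"
    return report


# Constructed sample input: `nginx -v` output and Server headers.
SAMPLE = [
    "nginx version: nginx/0.7.63",
    "nginx version: nginx/0.7.64",
    "Server: nginx/0.8.22",
    "Server: nginx/0.8.23",
    "Server: nginx",
]

if __name__ == "__main__":
    for line, status in audit(SAMPLE).items():
        print(f"{status:16} {line}")
```

Distribution packages may carry backported changes under an older version number, so a "predates change" result is a prompt to check the package changelog rather than a final verdict.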