
jorton at redhat
Nov 10, 2009, 6:25 AM
Re: TLS renegotiation attack, mod_ssl and OpenSSL
On Tue, Nov 10, 2009 at 03:19:39PM +0100, Jean-Marc Desperrier wrote:
> Joe Orton wrote:
>> On Fri, Nov 06, 2009 at 12:00:06AM +0000, Joe Orton wrote:
>>> > On Thu, Nov 05, 2009 at 09:31:00PM +0000, Joe Orton wrote:
>>> >
>>> > Here is a very rough first hack (for discussion/testing purposes only!):
>> A second hack, slightly less rough hack:
>
> Joe, instead of hard coding this, a very nice solution would be to have
> a new directive "SSLServerRenegociation Allow" or even more flexible
> "SSLRenegociation disabled/serveronly/enabled" with disabled as default
> value.

Yes, sure. What is possible in mod_ssl will depend on what interfaces
OpenSSL will expose for this, which is not yet clear.

Regards, Joe