 
            
            
            
            
27 Jun 2012, 9:42 p.m.
            
Hi,

since I couldn't find a better place I'm sending a simple patch that allows disabling SSL renegotiation here. Possible reasons for this:

- famous renegotiation SSL flaw, patched in OpenSSL a long time ago, but not everyone can or wants to upgrade OpenSSL
- renegotiation makes some DoS attacks much easier (see http://www.thc.org/thc-ssl-dos/), regardless of it being a secure one or not
- it is really not needed in many cases

The approach is based on what is being done in Apache. The default is to allow renegotiation, so there should be no surprises for anyone after upgrade. Patch applies on latest (4.54b4) stunnel beta.

Feel free to comment :)

--
Janusz Dziemidowicz