[stunnel-users] SSL renegotiation patch

Janusz Dziemidowicz rraptorr at nails.eu.org
Thu Aug 2 21:01:41 CEST 2012


2012/6/27 Janusz Dziemidowicz <rraptorr at nails.eu.org>:
> Hi,
> since I couldn't find a better place I'm sending a simple patch that
> allows disabling SSL renegotiation here. Possible reasons for this:
> - famous renegotiation SSL flaw, patched in OpenSSL a long time ago,
> but not everyone can or wants to upgrade OpenSSL
> - renegotiation makes some DoS attacks much easier (see
> http://www.thc.org/thc-ssl-dos/), regardless of it being a secure one
> or not
> - it is really not needed in many cases
>
> The approach is based on what is being done in Apache. The default is
> to allow renegotiation, so there should be no surprises for anyone
> after upgrade. Patch applies on latest (4.54b4) stunnel beta. Feel
> free to comment:)

I was kinda hoping for some feedback and maybe inclusion of the patch
in the next stunnel release;) Or should I send it elsewhere?

-- 
Janusz Dziemidowicz
