Hello All,
We have openssl 0.9.8r on our Linux Server. Application thats used is
httpd.
A Nessus security scan on our Linux server tells us that we may be
vulnerable to a potential DOS due to SSL/TLS Renegotiation Vulnerability
[CVE-2011-1473].
The suggestions of mitigating these (we believe) are:
1. Disable Re-Negotiation completely. {We CANNOT use this choice,
because our system does need to allow Re-Negotiation in some cases. So
NOT an option for us}
2. "Rate-Limit" Re-Negotiations.
Can someone please provide detailed information/guidance about exactly
how to go about "Rate-Limiting" Re-Negotiation requests on the Linux
Server? Pointing to a detailed article would also be helpful.
Thanks a bunch in advance.
