Re: DoS vulnerability due to client-initiated renegotiation

From: Vincent Bernat <>
Date: Sun, 06 Nov 2011 18:28:04 +0100

OoO At the end of this sleepless night, Sunday 06 November 2011, around 06:01, Amol <> said:

> I would also be interested in knowing about the fix for this

I still haven't found a way to patch this. I have asked on the OpenSSL mailing list with no luck. I still need to investigate more.

> and also while we are on this topic, what would be a good/optimum
> configuration for SSL protocol support, SSL key exchange and SSL
> cipher strength is there some setting we can add to the stunnel or
> haproxy configuration?

Since OpenSSL now disables SSLv2 by default (otherwise, you should pass NO_SSLv2 as an option), you are only concerned with the cipher list. I would suggest:

  AES128-SHA:AES256-SHA:RC4-SHA

This is supported by all browsers and performs well enough. If you are not concerned by security, you can just use RC4-SHA. On the other hand, if you are required to use a DH cipher, you could start with:

  ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:EDH-DSS-DES-CBC3-SHA

(again, supported in all browsers).

You can mix both (in this case, you should drop EDH-DSS-DES-CBC3-SHA) but you should be aware that someone wanting to run a DoS will force the use of a DHE cipher and it is possible for an attacker to downgrade to the less secure cipher with SSL 3.0 (downgrade attack).

Vincent Bernat ☯

Make it right before you make it faster.
            - The Elements of Programming Style (Kernighan & Plauger)
Received on 2011/11/06 18:28
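
Added example, not part of the original message or of stunnel/haproxy: a small auditor that groups the suites of a cipher list by key exchange, so you can see whether a list is static-RSA only, ephemeral-DH only, or mixed (the case the message warns about). The function names key_exchange and audit are hypothetical, the mixed list is constructed from the two lists in the message, and only colon-separated explicit suite names are handled.

```python
# Added example (not from the original message): classify explicit OpenSSL
# pre-TLS 1.3 suite names by key exchange. Function names are hypothetical.
EPHEMERAL = {"ECDHE": "ECDHE", "DHE": "DHE", "EDH": "DHE"}  # EDH is the older spelling of DHE
OTHER_KX = ("ECDH", "ADH", "AECDH", "PSK", "SRP", "KRB5")


def key_exchange(suite):
    """Return the key-exchange family encoded in an OpenSSL suite name."""
    parts = suite.split("-")
    if parts[0].startswith("EXP"):  # export suites carry an extra EXP- prefix
        parts = parts[1:]
    head = parts[0] if parts else ""
    if head in EPHEMERAL:
        return EPHEMERAL[head]
    if head in OTHER_KX:
        return head
    return "RSA"  # no key-exchange prefix means static RSA key exchange


def audit(cipher_list):
    """Group a colon-separated list of explicit suite names by key exchange."""
    suites = [s.strip() for s in cipher_list.split(":") if s.strip()]
    for s in suites:
        # Keywords and operators (HIGH, !aNULL, kEDH+AES, @STRENGTH) need OpenSSL to expand.
        if s[0] in "!+-@" or "+" in s or "-" not in s:
            raise ValueError(f"not an explicit suite name: {s!r}")
    by_kx = {}
    for s in suites:
        by_kx.setdefault(key_exchange(s), []).append(s)
    ephemeral = [s for s in suites if key_exchange(s) in ("ECDHE", "DHE")]
    static_rsa = by_kx.get("RSA", [])
    return {"by_kx": by_kx, "ephemeral": ephemeral, "static_rsa": static_rsa,
            # mixed: the client's offer decides whether the server pays for (EC)DHE
            "mixed": bool(ephemeral) and bool(static_rsa)}


RSA_LIST = "AES128-SHA:AES256-SHA:RC4-SHA"  # from the message
DH_LIST = "ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA:EDH-DSS-DES-CBC3-SHA"  # from the message
# Constructed: both lists combined, EDH-DSS-DES-CBC3-SHA dropped as the message advises.
MIXED_LIST = RSA_LIST + ":ECDHE-RSA-AES256-SHA:DHE-RSA-AES256-SHA"

if __name__ == "__main__":
    for name, value in (("rsa", RSA_LIST), ("dh", DH_LIST), ("mixed", MIXED_LIST)):
        report = audit(value)
        print(name, "mixed:", report["mixed"], "ephemeral:", report["ephemeral"])
```

A list written with keywords such as HIGH or !aNULL is rejected here; expand it with OpenSSL first and audit the resulting suite names.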
