Hello,
I am referring to the DoS via repeated SSL session renegotiations (http://kalilinuxtutorials.com/thc-ssl-dos/).
Prior to OpenSSL 1.1.0 the approach to deactivate client renegotiation was to set the corresponding flag via a
callback function, e.g.:
---
#include <openssl/ssl.h>   /* pre-1.1.0: struct ssl_st and its s3 state were still visible */

SSL *connection;
...
/* Internal-structure access; the s3 state is opaque from OpenSSL 1.1.0 on. */
connection->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
---
The problem now is that this approach does not work for OpenSSL 1.1.0, because the "flags" are no longer accessible.
It also seems that there is no *_set_flags() function for deactivating client renegotiation.
1) How can the client-renegotiation in OpenSSL generally be deactivated, preferably without accessing internal data structures as in the approach above?
2) Is it possible in OpenSSL 1.1.0 to access attributes like "flags" above? It seems that there is no dedicated API function for that.
Thank you for your help!
Best regards,
Marcus
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
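The mitigation the question is after, as an added example that is not part of the thread: since the s3 flags are opaque in 1.1.0, servers limit renegotiation from the outside. OpenSSL 1.1.0h and later expose `SSL_OP_NO_RENEGOTIATION` for `SSL_CTX_set_options()`, which refuses client-initiated renegotiation outright; on earlier 1.1.0 releases the usual approach is an info callback (`SSL_CTX_set_info_callback()`) that counts `SSL_CB_HANDSHAKE_START` events per connection and tears the connection down when a client renegotiates faster than policy allows. The code below is the policy part of that callback, written so it can be exercised without linking libssl; the per-connection `struct renego_guard` would be attached with `SSL_set_app_data()`. The window length, the limit and the timestamp trace are constructed assumptions, not values from the list message.

```c
/* Per-connection renegotiation rate guard (added example, not from the thread).
 * Wiring (not shown, needs libssl): in the SSL info callback, on
 * (where & SSL_CB_HANDSHAKE_START), fetch the guard via SSL_get_app_data()
 * and, if renego_guard_on_handshake() returns 0, shut the connection down. */
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

#define RENEGO_WINDOW_SECONDS 60   /* assumed policy: one-minute window */
#define RENEGO_MAX_PER_WINDOW 2    /* assumed policy: at most 2 renegotiations per window */

struct renego_guard {
    int    handshakes;     /* handshake starts seen; the first is the initial handshake */
    time_t window_start;   /* start of the current rate window */
    int    in_window;      /* renegotiations counted in the current window */
};

void renego_guard_init(struct renego_guard *g)
{
    memset(g, 0, sizeof *g);
}

/* Called once per handshake start. Returns 1 if the handshake may proceed,
 * 0 if the connection should be closed (client renegotiating too fast). */
int renego_guard_on_handshake(struct renego_guard *g, time_t now)
{
    g->handshakes++;
    if (g->handshakes == 1) {              /* the initial handshake is always allowed */
        g->window_start = now;
        return 1;
    }
    if (now - g->window_start >= RENEGO_WINDOW_SECONDS) {
        g->window_start = now;             /* window expired: start a fresh one */
        g->in_window = 0;
    }
    g->in_window++;
    return g->in_window <= RENEGO_MAX_PER_WINDOW;
}

/* Replays a trace of handshake-start timestamps on one connection and
 * returns how many of them the guard refused. */
int count_refused(const time_t *ts, size_t n)
{
    struct renego_guard g;
    int refused = 0;
    renego_guard_init(&g);
    for (size_t i = 0; i < n; i++)
        if (!renego_guard_on_handshake(&g, ts[i]))
            refused++;
    return refused;
}

/* Constructed trace: initial handshake, four renegotiations within five
 * seconds, then three more just over a minute later. */
static const time_t SAMPLE_HANDSHAKES[] = {1000, 1001, 1002, 1003, 1004, 1070, 1071, 1072};
#define SAMPLE_COUNT (sizeof SAMPLE_HANDSHAKES / sizeof SAMPLE_HANDSHAKES[0])

int main(void)
{
    int refused = count_refused(SAMPLE_HANDSHAKES, SAMPLE_COUNT);
    printf("%zu handshake starts, %d refused by policy\n", SAMPLE_COUNT, refused);
    return 0;
}
```

With the assumed policy the trace above yields three refusals: the third and fourth rapid renegotiations, and the third one in the second window. Using the info callback instead of the old `s3->flags` write keeps the server on public API only, which is what the 1.1.0 opaque-structure change is meant to enforce.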