Hi
Our product is using OpenSSL 1.0.2, and one of the vulnerability scan tools reported a vulnerability: CVE-2011-1473.
Vulnerability description:
OpenSSL doesn't properly restrict client-initiated renegotiation within the SSL and TLS protocols, which might make it easier for remote attackers to cause a denial of service (CPU consumption) by performing many renegotiations within a single connection.
The only solution available for this vulnerability is to disable renegotiation using the SSL_OP_NO_RENEGOTIATION option. But this option is not available in the OpenSSL 1.0.2 version.
Any suggestions on how to fix this vulnerability in the OpenSSL 1.0.2 version?
Regards
Manish
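An added example, not part of the original post and not OpenSSL code: a per-connection guard that counts handshakes started after the initial one and signals when a connection renegotiates too often, which is the behaviour the vulnerability description refers to. It assumes the server feeds it the handshake start/done events OpenSSL reports to a callback registered with SSL_CTX_set_info_callback; the type, function names, limits and traces are hypothetical.

```c
#include <stdbool.h>

/* Local stand-ins for the SSL_CB_HANDSHAKE_START / SSL_CB_HANDSHAKE_DONE
 * bits that OpenSSL passes to an info callback. */
#define CB_HANDSHAKE_START 0x10
#define CB_HANDSHAKE_DONE  0x20
#define RENEG_LIMIT  3    /* assumed policy: renegotiations per window */
#define RENEG_WINDOW 600  /* assumed policy: window length in seconds */

struct conn_guard {       /* one per TLS connection (hypothetical type) */
    bool initial_done;    /* first handshake has completed */
    int  reneg_count;     /* renegotiations seen in the current window */
    long window_start;    /* time the current window opened */
};

/* Feed one handshake event; returns true when the connection should be closed. */
bool guard_on_event(struct conn_guard *g, int where, long now)
{
    if (where & CB_HANDSHAKE_DONE) { g->initial_done = true; return false; }
    if (!(where & CB_HANDSHAKE_START) || !g->initial_done)
        return false;     /* the initial handshake is never counted */
    if (now - g->window_start >= RENEG_WINDOW) {
        g->window_start = now;
        g->reneg_count = 0;
    }
    return ++g->reneg_count > RENEG_LIMIT;
}

/* Replay a trace; returns the index of the event that trips the guard, or -1. */
int first_drop(const int *ev, const long *t, int n)
{
    struct conn_guard g = { false, 0, 0 };
    for (int i = 0; i < n; i++)
        if (guard_on_event(&g, ev[i], t[i])) return i;
    return -1;
}

/* Constructed event sequence: initial handshake, then four renegotiations. */
enum { S = CB_HANDSHAKE_START, D = CB_HANDSHAKE_DONE };
static const int EV[9] = { S, D, S, D, S, D, S, D, S };
/* Constructed timestamps (seconds): a rapid burst vs. one every 700 s. */
static const long T_BURST[9] = { 0, 1, 10, 10, 11, 11, 12, 12, 13 };
static const long T_SLOW[9]  = { 0, 1, 700, 701, 1400, 1401, 2100, 2102, 2800 };

int demo_burst(void) { return first_drop(EV, T_BURST, 9); }
int demo_slow(void)  { return first_drop(EV, T_SLOW, 9); }
```

The guard counts every handshake started after the first, so a renegotiation the server itself requests is counted as well.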