httpd-dev mailing list archives

From Nick Gearls <nickgea...@gmail.com>
Subject re: SSL related DoS
Date Mon, 18 Apr 2011 12:38:25 GMT
> there doesn't seem to be any immediate demand for renegotiation
> support, so it makes the most sense to leave it optional-to-enable
> rather than optional-to-disable.
If you want to protect some parts of your site with client 
authentication, then you need to enable insecure renegotiation to 
support (not so) old browsers - even the latest version of Safari on Mac.

But I agree it should stay disabled by default (most secure).
And client-side renegotiation probably isn't needed, as several app 
servers do not honour it anyway.

Nick
