httpd-dev mailing list archives

From Stefan Fritsch ...@sfritsch.de>
Subject Re: SSL related DoS
Date Sun, 17 Apr 2011 08:49:39 GMT

On Sat, 16 Apr 2011, Eric Covener wrote:

> would mod_reqtimeout step in after too many renegotiations had eaten
> too much wall time?

Whenever mod_ssl reads data from the client, mod_reqtimeout will check the 
configured timeouts. It is possible that the data sent during reneg may 
prevent the "minimum required data rate" feature from triggering, but 
maximum timeouts will always be enforced.

The attacker can just create new connections, though.
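
An added configuration example, not part of the original message, contrasting a mod_reqtimeout setting that relies only on the minimum data rate with one that also sets the maximum timeouts the reply refers to. The timeout and rate values are illustrative assumptions, not recommendations from the thread.

```apache
# Added example: requires mod_reqtimeout to be loaded.
<IfModule reqtimeout_module>
    # Rate-only form (left commented out): the deadline starts at 20 s and is
    # extended by 1 s for every 500 bytes received, with no upper limit.
    # If traffic sent during renegotiation keeps the rate check from
    # triggering, nothing else in this directive ends the read.
    # RequestReadTimeout header=20,MinRate=500 body=20,MinRate=500

    # Capped form: same rate-based extension, but the header read is cut off
    # after 40 s and the body read after 60 s regardless of how much data
    # arrives. These upper bounds are the "maximum timeouts".
    RequestReadTimeout header=20-40,MinRate=500 body=20-60,MinRate=500
</IfModule>
# Scope: these limits bound read time per connection only. They do not
# limit how many new connections a client opens.
```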
