tomcat-users mailing list archives

From dku...@ccilindia.co.in
Subject How to limit the number of renegotiations for a single TLS / SSL connection
Date Fri, 08 Feb 2013 14:28:59 GMT
Hello All,

We are using:
Tomcat version: 6.0.18
Operating system version: HP-UX 11.31
SSL version: OpenSSL 0.9.8k 25 Mar 2009
Port: 8443

By running the vulnerability assessment test we are getting the following
observation:

The remote service encrypts traffic using TLS / SSL and permits clients to 
renegotiate connections. The computational requirements for renegotiating 
a connection are asymmetrical between the client and the server, with the 
server performing several times more work. Since the remote host does not 
appear to limit the number of renegotiations for a single TLS / SSL 
connection, this permits a client to open several simultaneous connections 
and repeatedly renegotiate them, possibly leading to a denial of service 
condition.

Please suggest the recommended solution for Tomcat.

Thanks & Regards
Deepak Kumar
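The following is an added example, not part of the original message and not Tomcat or CCIL code. It reproduces the scanner's observation by hand: open one TLS connection to the endpoint with `openssl s_client`, ask for several renegotiations in a row (a line consisting of `R` makes s_client call SSL_renegotiate), and grade the transcript by whether the server let all of them through or refused one. The parsing functions are run on constructed sample transcripts so the script works offline; the live probe only runs when `PROBE_HOST` is set. The host name `tomcat.example.internal` and the sample transcript lines are placeholders. It assumes an OpenSSL client (1.0.x or newer) on PATH and a server that speaks TLS 1.0 to 1.2, since renegotiation does not exist in TLS 1.3; because a server on OpenSSL 0.9.8k predates RFC 5746, the client is told to allow legacy renegotiation and legacy server connections.

```shell
#!/bin/sh
# Added example (not from the original post): reproduce the scanner's
# "unlimited client-initiated renegotiation" observation and grade it.
# Assumption: openssl(1) is on PATH; target host/port are placeholders.

# Open one connection and request N renegotiations one second apart.
# Each "R" line makes s_client call SSL_renegotiate; EOF on stdin
# afterwards makes it close the connection cleanly. stderr is merged
# because s_client prints "RENEGOTIATING" there.
probe_renegotiation() {
    host=$1; port=$2; attempts=$3
    i=0
    {
        while [ "$i" -lt "$attempts" ]; do
            echo R
            sleep 1
            i=$((i + 1))
        done
    } | openssl s_client -connect "$host:$port" -tls1 \
            -legacy_renegotiation -legacy_server_connect 2>&1
}

# Number of renegotiations the client started (transcript on stdin).
count_renegotiation_attempts() {
    grep -c '^RENEGOTIATING' || true
}

# Number of handshake errors. OpenSSL reports a refused renegotiation
# with one of these reason strings (SSL_R_NO_RENEGOTIATION,
# SSL_R_SSLV3_ALERT_HANDSHAKE_FAILURE, SSL_R_UNEXPECTED_MESSAGE).
count_renegotiation_errors() {
    grep -c -e 'no renegotiation' -e 'handshake failure' \
            -e 'unexpected message' || true
}

# RFC 5746 check from the s_client summary line: a server built on
# OpenSSL 0.9.8k (pre-0.9.8m) will print "IS NOT supported".
secure_renegotiation_supported() {
    grep -q '^Secure Renegotiation IS supported'
}

# Grade a transcript (stdin): UNLIMITED if every requested renegotiation
# went through, LIMITED if the server refused one, NOPROBE if none was
# attempted (connect failed, or TLS 1.3 only).
grade_transcript() {
    transcript=$(cat)
    attempts=$(printf '%s\n' "$transcript" | count_renegotiation_attempts)
    errors=$(printf '%s\n' "$transcript" | count_renegotiation_errors)
    if [ "$attempts" -eq 0 ]; then
        echo NOPROBE
    elif [ "$errors" -gt 0 ]; then
        echo LIMITED
    else
        echo UNLIMITED
    fi
}

# Constructed sample transcripts (abridged s_client output, not captured
# from any real host) so the grading logic can be exercised offline.
SAMPLE_UNLIMITED='CONNECTED(00000003)
depth=0 CN = tomcat.example.internal
verify return:1
---
New, TLSv1/SSLv3, Cipher is AES256-SHA
Secure Renegotiation IS NOT supported
---
RENEGOTIATING
depth=0 CN = tomcat.example.internal
verify return:1
RENEGOTIATING
depth=0 CN = tomcat.example.internal
verify return:1
RENEGOTIATING
depth=0 CN = tomcat.example.internal
verify return:1
DONE'

SAMPLE_LIMITED='CONNECTED(00000003)
depth=0 CN = tomcat.example.internal
verify return:1
---
New, TLSv1.2, Cipher is ECDHE-RSA-AES256-GCM-SHA384
Secure Renegotiation IS supported
---
RENEGOTIATING
SSL routines:ssl3_read_bytes:no renegotiation'

echo "constructed sample (server accepts all): $(printf '%s\n' "$SAMPLE_UNLIMITED" | grade_transcript)"
echo "constructed sample (server refuses):     $(printf '%s\n' "$SAMPLE_LIMITED" | grade_transcript)"

# Live probe, only when explicitly requested, e.g.
#   PROBE_HOST=tomcat.example.internal PROBE_PORT=8443 sh probe.sh
if [ -n "${PROBE_HOST:-}" ]; then
    live=$(probe_renegotiation "$PROBE_HOST" "${PROBE_PORT:-8443}" 10)
    echo "$PROBE_HOST:${PROBE_PORT:-8443}: $(printf '%s\n' "$live" | grade_transcript)"
    printf '%s\n' "$live" | secure_renegotiation_supported \
        && echo "RFC 5746 secure renegotiation: yes" \
        || echo "RFC 5746 secure renegotiation: no"
fi
```

A result of UNLIMITED on the live probe is exactly what the scanner reported: the server performed every handshake the client asked for on a single connection. Two caveats when pointing this at an old server: `-tls1` is used because OpenSSL 0.9.8k has no TLS 1.1/1.2, and an OpenSSL 3.x client refuses TLS 1.0 at its default security level, so add `-cipher 'DEFAULT:@SECLEVEL=0'` in that case. The RFC 5746 line is a separate finding from the renegotiation-count one; a 0.9.8k server will show "IS NOT supported" regardless of how many renegotiations it permits.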