daohualiuxiang/node - node - Gitea: Git with a cup of tea

Commit Graph

Author	SHA1	Message	Date
Ben Noordhuis	ff552ddbaa	tls: fix off-by-one error in renegotiation check Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2 means the peer can renegotiate twice, not just once. Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing sensitive (and run faster) while we're at it.	2012-06-18 04:31:40 +02:00
isaacs	0cdf85e28d	Lint all the JavaScripts.	2012-02-18 15:34:57 -08:00
Ben Noordhuis	3415427dbf	tls: mitigate session renegotiation attacks The TLS protocol allows (and sometimes requires) clients to renegotiate the session. However, renegotiation requires a disproportional amount of server-side resources, particularly CPU time, which makes it a potential vector for denial-of-service attacks. To mitigate this issue, we keep track of and limit the number of renegotiation requests over time, emitting an error if the threshold is exceeded.	2012-02-16 18:15:21 +01:00

Author

SHA1

Message

Date

Ben Noordhuis

ff552ddbaa

tls: fix off-by-one error in renegotiation check

Make CLIENT_RENEG_LIMIT inclusive instead of exclusive, i.e. a limit of 2
means the peer can renegotiate twice, not just once.

Update pummel/test-tls-ci-reneg-attack accordingly and make it less timing
sensitive (and run faster) while we're at it.

2012-06-18 04:31:40 +02:00

isaacs

0cdf85e28d

Lint all the JavaScripts.

2012-02-18 15:34:57 -08:00

Ben Noordhuis

3415427dbf

tls: mitigate session renegotiation attacks

The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.

2012-02-16 18:15:21 +01:00

3 Commits (252f034b30b3bf9b0c38d683725868d899209870)