Wonderful. Glad I recently added OCSP support to servers. Arg! So does this affe... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

beezle on Sept 22, 2016 | parent | context | favorite | on: OpenSSL Security Advisory

Wonderful. Glad I recently added OCSP support to servers. Arg!

So does this affect TLSv1.2 only servers that do NOT support client renegotiation of any type?

deweerdt on Sept 22, 2016 [–]

This is the only claim that i've found saying that throttling (or disabling, for that matter) renegotiation would prevent the issue: https://twitter.com/Unreal_IRCd/status/778975019829489664

The advisory makes it sound like that would be the case, but it would have been great if that was explicitly stated.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact