Openssl vulnerability : CVE-2011-1473 SSL/TLS: DoS via repeated SSL session renegotiations

Solution Unverified - Updated -

Issue

  • What is the resolution for the vulnerability reported in CVE-2011-1473?
  • The CVE reports that, because of the processing power required to handle an SSL/TLS handshake, with renegotiation enabled, a user can send multiple handshakes per second due to the renegotiation request being permitted. This could allow a malicious user to send multiple renegotiation requests and exhaust server resources.

Environment

  • Red Hat Enterprise Linux 6
  • Red Hat Enterprise Linux 5
  • Red Hat Enterprise Linux 4

Subscriber exclusive content

A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.

Current Customers and Partners

Log in for full access

Log In

New to Red Hat?

Learn more about Red Hat subscriptions

Using a Red Hat product through a public cloud?

How to access this content