[pkg-lighttpd] Client-initiated renegotiation

Olaf van der Spek olafvdspek at gmail.com
Wed Dec 21 10:43:11 UTC 2011


Hi,

According to ssllabs.com, Lighttpd has client-initiated renegotiation enabled.
It seems it's recommended to disable this. How does one disable this
in Lighttpd and wouldn't it be a good idea to disable it by default?

https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
-- 
Olaf



More information about the pkg-lighttpd-maintainers mailing list