[pkg-lighttpd] Client-initiated renegotiation
Olaf van der Spek
olafvdspek at gmail.com
Wed Dec 21 10:43:11 UTC 2011
Hi,
According to ssllabs.com, Lighttpd has client-initiated renegotiation enabled.
It seems it's recommended to disable this. How does one disable this
in Lighttpd and wouldn't it be a good idea to disable it by default?
https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks
--
Olaf
More information about the pkg-lighttpd-maintainers
mailing list