Package: pound
Version: 2.6-4
Severity: important
Tags: security

The security check at https://www.ssllabs.com/ssltest/ reports:

Secure Client-Initiated Renegotiation Supported   DoS DANGER

It gives a link to the following page:
https://community.qualys.com/blogs/securitylabs/2011/10/31/tls-renegotiation-and-denial-of-service-attacks

There is a setting that looks like it should disable this,
SSLAllowClientRenegotiation. However, the default is disabled, and
this problem occurred. Furthermore, even if I include
"SSLAllowClientRenegotiation 0" in my configuration, I still get
this warning.

Thanks.
-- 
Brian May <br...@microcomaustralia.com.au>
