tls: mitigate session renegotiation attacks
author: Ben Noordhuis <info@bnoordhuis.nl>
Wed, 15 Feb 2012 18:26:43 +0000 (19:26 +0100)
committer: Ben Noordhuis <info@bnoordhuis.nl>
Thu, 16 Feb 2012 17:15:21 +0000 (18:15 +0100)
commit: 3415427dbfbd590bbee3d777ffc73dde3c67790d
tree: 06a06d105c919d3c037b2034fbe705f4db362aee
parent: ef50bd2e541e3d62ed4ca91aa960b34c39516560
tls: mitigate session renegotiation attacks

The TLS protocol allows (and sometimes requires) clients to renegotiate the
session. However, renegotiation requires a disproportional amount of server-side
resources, particularly CPU time, which makes it a potential vector for
denial-of-service attacks.

To mitigate this issue, we keep track of and limit the number of renegotiation
requests over time, emitting an error if the threshold is exceeded.
doc/api/tls.markdown
lib/tls.js
src/node_crypto.cc
src/node_crypto.h
test/pummel/test-tls-ci-reneg-attack.js [new file with mode: 0644]
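The commit message describes the mitigation only in outline: count renegotiation requests per connection within a time window and refuse further ones once a threshold is exceeded. The following is an added illustration of that scheme in JavaScript; it is not the code from lib/tls.js, and the `RenegotiationGuard` class, the `simulate` helper, the limit of 3 and the window length are assumptions chosen for the example.

```javascript
'use strict';

// Illustrative defaults (assumptions for this example, not the project's
// own settings): how many renegotiations a client may request per window,
// and how long the window lasts.
const RENEG_LIMIT = 3;
const RENEG_WINDOW_MS = 10 * 60 * 1000;

// Per-connection counter implementing the "limit renegotiations over time"
// idea: the first request opens a window; requests inside the window are
// counted; once the window has elapsed the count starts over.
class RenegotiationGuard {
  constructor(limit = RENEG_LIMIT, windowMs = RENEG_WINDOW_MS, now = Date.now) {
    this.limit = limit;
    this.windowMs = windowMs;
    this.now = now;          // injectable clock so the behaviour is testable
    this.windowStart = null; // null until the first renegotiation request
    this.count = 0;
  }

  // Call once per renegotiation request on this connection.
  // Returns true when the request is within budget; false means the server
  // should emit an error and tear the connection down instead of doing the
  // expensive handshake work.
  allow() {
    const t = this.now();
    if (this.windowStart === null || t - this.windowStart >= this.windowMs) {
      // First request, or the previous window expired: open a fresh window.
      this.windowStart = t;
      this.count = 0;
    }
    this.count += 1;
    return this.count <= this.limit;
  }
}

// Replays a constructed sequence of request timestamps (milliseconds) through
// a guard with a fake clock and returns the allow/deny decision for each.
function simulate(timestampsMs, limit, windowMs) {
  let i = 0;
  const guard = new RenegotiationGuard(limit, windowMs, () => timestampsMs[i]);
  const decisions = [];
  for (i = 0; i < timestampsMs.length; i++) {
    decisions.push(guard.allow());
  }
  return decisions;
}
```

With a limit of 3 and a 5 second window, a burst of five requests one second apart yields `[true, true, true, false, false]`; a fifth request arriving after the window has expired is allowed again.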