Hi,
I have an Openfire server (3.10.2) configured with TLS required. When running an SSL analyzer (sslyze) I have the following output:
Client-initiated Renegotiation: | VULNERABLE - Server honors client-initiated renegotiations |
As I understand, there is a vulnerability that allows a DoS attack using TLS renegotiation.
I searched the documentation but couldn't find any relevant data.
Is there a way (or workaround) to disable this on Openfire?
OpenSSL:
Version 1.0.1e
Release 60.60.el7
Openfire : 3.10.2 (same occurs in current release -> 4.0.4)