SSL / TLS Renegotiation DoS

This script is Copyright (C) 2011-2013 Tenable Network Security, Inc.


Synopsis :

The remote service allows repeated renegotiation of TLS / SSL
connections.

Description :

The remote service encrypts traffic using TLS / SSL and permits
clients to renegotiate connections. The computational requirements
for renegotiating a connection are asymmetrical between the client and
the server, with the server performing several times more work. Since
the remote host does not appear to limit the number of renegotiations
for a single TLS / SSL connection, this permits a client to open
several simultaneous connections and repeatedly renegotiate them,
possibly leading to a denial of service condition.
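The missing control described above is a per-connection limit on renegotiations. The following added example (not part of the plugin or of any vendor's code) shows defender-side detection logic over handshake events; the event tuple format, the `find_renegotiation_abuse` name and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample: (seconds, connection id, TLS event). Not real traffic.
SAMPLE_EVENTS = [
    (0.0, "10.0.0.5:40112", "handshake"),   # initial handshake
    (0.1, "10.0.0.9:51000", "handshake"),   # initial handshake
    (0.4, "10.0.0.5:40112", "handshake"),   # renegotiations in quick succession
    (0.8, "10.0.0.5:40112", "handshake"),
    (1.1, "10.0.0.5:40112", "handshake"),
    (1.5, "10.0.0.5:40112", "handshake"),
    (30.0, "10.0.0.9:51000", "handshake"),  # occasional renegotiation
    (95.0, "10.0.0.9:51000", "handshake"),  # another, outside the window
]

def find_renegotiation_abuse(events, max_reneg=3, window=60.0):
    """Return {conn_id: peak renegotiations inside any sliding window}
    for connections whose peak exceeds max_reneg (assumed thresholds)."""
    seen_initial = set()          # connections whose first handshake was seen
    recent = defaultdict(deque)   # conn_id -> renegotiation timestamps in window
    peak = defaultdict(int)
    for ts, conn, kind in sorted(events):
        if kind == "close":
            # Connection ended: a reused id starts over with a fresh handshake.
            seen_initial.discard(conn)
            recent.pop(conn, None)
            continue
        if kind != "handshake":
            continue
        if conn not in seen_initial:
            # The first handshake on a connection is not a renegotiation.
            seen_initial.add(conn)
            continue
        q = recent[conn]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()           # drop renegotiations older than the window
        peak[conn] = max(peak[conn], len(q))
    return {c: n for c, n in peak.items() if n > max_reneg}

if __name__ == "__main__":
    for conn, count in find_renegotiation_abuse(SAMPLE_EVENTS).items():
        print(f"{conn}: {count} renegotiations within the window")
```

A server or proxy that enforces the same count at handshake time can close the connection instead of only reporting it.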

See also :

http://www.ietf.org/mail-archive/web/tls/current/msg07553.html

Solution :

Contact the vendor for specific patch information.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P)
CVSS Temporal Score : 3.9
(CVSS2#E:POC/RL:U/RC:C)
Public Exploit Available : true

Family: General

Nessus Plugin ID: 53491

Bugtraq ID: 48626

CVE ID: CVE-2011-1473