AnsweredAssumed Answered

Client-Initiated Renegotiation & Node.js

Question asked by Nathan Rugg on Dec 1, 2014

By default, Node.js limits Client-Initiated Renegotiation to 3 times in 10 minutes. Therefore, there isn't any threat of DoS, but the SSL report still claims it is in danger. It would be nice if it tried a few renegotiations before claiming it's a danger.

Outcomes