The ProxySG appliance supports secure client-initiated renegotiation and rate shapes it so that if a third attempt at renegotiation fails, it is dropped
The ProxySG appliance supports secure client-initiated renegotiation and rate shapes it so that if a third attempt at renegotiation fails, it is dropped. See the following security advisory for more information:
https://support.symantec.com/en_US/article.SYMSA1280.html
When a renegotiation request from a client comes in, the appliance drops the connection to the client after the second renegotiation request is successfully negotiated in the SSL handshake.
In essence, the appliance is not vulnerable to this DDOS attack.