Does the ProxySG appliance support secure client-initiated renegotiation?

book

Article ID: 168260

calendar_today

Updated On:

Products

ProxySG Software - SGOS

Issue/Introduction

The ProxySG appliance supports secure client-initiated renegotiation and rate shapes it so that if a third attempt at renegotiation fails, it is dropped

Resolution

The ProxySG appliance supports secure client-initiated renegotiation and rate shapes it so that if a third attempt at renegotiation fails, it is dropped. See the following security advisory for more information:

https://support.symantec.com/en_US/article.SYMSA1280.html

When a renegotiation request from a client comes in, the appliance drops the connection to the client after the second renegotiation request is successfully negotiated in the SSL handshake.
In essence,  the appliance is not vulnerable to this DDOS attack.