Is it possible to disable client-initiated SSL/TLS renegotiations?

We have had some security testing done recently and they have told us that client-initiated SSL/TLS renegotiations are allowed. They have recommended this gets disabled as it could lead to a DoS attack. Is this possible?


Hi Luke,

I just went through this link and it seems like there is a way to disable it.

https://support.microsoft.com/en-us/help/977377/microsoft-security-advisory-vulnerability-in-tls-ssl-could-allow-spoof


Regards,

Lakshmi

Lakshmi Kumar Yadav wrote:

Hi Luke,

I just went through this link and it seems like there is a way to disable it.

https://support.microsoft.com/en-us/help/977377/microsoft-security-advisory-vulnerability-in-tls-ssl-could-allow-spoof


Regards,

Lakshmi


But how do we apply this to the OutSystems platform?

Hi Luke,

We can use the recommended steps as defined by the platform, like encrypting all the Web Flows or Web services and sensitive data by using HTTP Security with SSL certificates.

You can refer to the link below to get more insights on this.

https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/How_OutSystems_Platform_helps_you_develop_secure_applications/04_Protecting_OutSystems_apps_using_encryption_and_SSL%2F%2F%2F%2FTLS


Warm Regards,

Lakshmi Kumar