Is it possible to disable client-initiated SSL/TLS renegotiations?
Question

We have had some security testing done recently, and they have told us that client-initiated SSL/TLS renegotiations are allowed. They have recommended this gets disabled as it could lead to a DoS attack. Is this possible?


Hi Luke,

I just went through this link, and it seems like there is a way to disable it.

https://support.microsoft.com/en-us/help/977377/microsoft-security-advisory-vulnerability-in-tls-ssl-could-allow-spoof


Regards,

Lakshmi

Lakshmi Kumar Yadav wrote:

Hi Luke,

I just went through this link, and it seems like there is a way to disable it.

https://support.microsoft.com/en-us/help/977377/microsoft-security-advisory-vulnerability-in-tls-ssl-could-allow-spoof


Regards,

Lakshmi


But how do we apply this to the OutSystems platform?

Hi Luke,

We can use the recommended steps as defined by the platform, like encrypting all the Web Flows or Web services and sensitive data by using HTTP Security with SSL certificates.

You can refer to the link below to get more insights on this.

https://success.outsystems.com/Support/Enterprise_Customers/Maintenance_and_Operations/How_OutSystems_Platform_helps_you_develop_secure_applications/04_Protecting_OutSystems_apps_using_encryption_and_SSL%2F%2F%2F%2FTLS


Warm regards,

Lakshmi Kumar

Hi All,

I also have the same query: is there any way to disable secure renegotiations from the OutSystems Platform end?

Please let me know.

Regards,

Sripriya Sekar
