Reply to post: no DNS security or client-initiated renegotiation protection either

Sealed with an XSS: IT pros urge Lloyds Group to avoid web cross talk

john.jones.name

no DNS security or client-initiated renegotiation protection either

For a start, the web server allows for client-initiated renegotiation, which is NOT good at all.

Although the option does not bear a risk for confidentiality, it does make a web server vulnerable to DoS attacks within the same TLS connection. Therefore you should not support it.

They have not enabled DNSSEC... spoof away!
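On the wire, renegotiation inside one TLS 1.2 connection appears as further handshake records from the client after its first Finished. The following is an added example, not part of the original comment, that counts such attempts in a captured client-to-server byte stream so repeated renegotiation on a single connection can be flagged. The sample stream and record sizes are constructed, and the code assumes the Finished message fits in one record and sees only the client's direction, so it cannot tell a server-requested renegotiation from a client-initiated one.

```python
import struct

HANDSHAKE, CHANGE_CIPHER_SPEC = 22, 20  # TLS record content types

def iter_records(stream: bytes):
    """Yield the content type of each complete TLS record in a byte stream."""
    pos = 0
    while pos + 5 <= len(stream):
        ctype, _version, length = struct.unpack_from("!BHH", stream, pos)
        if pos + 5 + length > len(stream):
            break  # truncated capture: stop rather than guess
        yield ctype
        pos += 5 + length

def count_renegotiation_attempts(client_stream: bytes) -> int:
    """Count handshakes the client starts after its first Finished."""
    phase, attempts = "initial", 0
    for ctype in iter_records(client_stream):
        if phase == "initial" and ctype == CHANGE_CIPHER_SPEC:
            phase = "finished_next"        # next handshake record is Finished
        elif phase == "finished_next" and ctype == HANDSHAKE:
            phase = "established"
        elif phase == "established" and ctype == HANDSHAKE:
            attempts += 1                  # encrypted ClientHello on a live session
            phase = "renegotiating"
        elif phase == "renegotiating":
            if ctype == CHANGE_CIPHER_SPEC:
                phase = "finished_next"    # renegotiation completed
            elif ctype != HANDSHAKE:
                phase = "established"      # refused or abandoned
    return attempts

def rec(ctype: int, size: int) -> bytes:
    """Build a constructed TLS 1.2 record with a zero-filled body."""
    return struct.pack("!BHH", ctype, 0x0303, size) + bytes(size)

# Constructed client-to-server stream: initial handshake, application data,
# one completed renegotiation, then one attempt the server does not follow.
SAMPLE = b"".join([
    rec(22, 100), rec(22, 70), rec(20, 1), rec(22, 40), rec(23, 200),
    rec(22, 120), rec(22, 90), rec(20, 1), rec(22, 40), rec(23, 50),
    rec(22, 120), rec(23, 10),
])

if __name__ == "__main__":
    n = count_renegotiation_attempts(SAMPLE)
    print(f"client-initiated renegotiation attempts: {n}")
```

A server that has client-initiated renegotiation disabled should never let the completed count rise above zero; any attempt ends with the connection refused or closed.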
