Client-Initiated Renegotiation
Establishing a secure TLS/SSL connection requires a lot more processing power on the server than it does on the client. This asymmetry can be exploited by an attacker to initiate an overwhelming amount of renegotiations which would drain the resources of the server and potentially lead to a denial of service.
PoC
- Execute the following command into the terminal:
openssl s_client -connect example.com:443 -msg
- When the connection is made, enter a capital
Rand hit enter - Note that the server responds with the connection output again, accepting the renegotiation