|
|
Sponsored Content
Operating Systems
Linux
Red Hat
SSL/TLS renegotiation DoS -how to disable? Is it advisable to disable?
Post 302567367 by manalisharmabe on Monday 24th of October 2011 04:57:11 AM
10-24-2011
Hi, mark54g,
Thanks for your contribution , could you please explain me this in detail(kind of). I have never work on Apache.
Thanks!
---------- Post updated at 02:26 PM ---------- Previous update was at 02:22 PM ----------
Hi mark, which one of follows should i enter in ssl.conf?
MaxRequestsPerChild Directive
Description:Limit on the number of requests that an individual child server will handle during its life Syntax:MaxRequestsPerChild number Default:MaxRequestsPerChild 10000 Context:server config Status:MPM Module:leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker The MaxRequestsPerChild directive sets the limit on the number of requests that an individual child server process will handle. After MaxRequestsPerChild requests, the child process will die. If MaxRequestsPerChild is 0, then the process will never expire.
--------------------------------------------------------------------------------------------------
MaxClients Directive
Description:Maximum number of connections that will be processed simultaneously Syntax:MaxClients number Default:See usage for details Context:server config Status:MPM Module:beos, leader, prefork, threadpool, worker The MaxClients directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced.
For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit.
---------- Post updated at 02:27 PM ---------- Previous update was at 02:26 PM ----------
Hi mark, which one of follows should i enter in ssl.conf?
MaxRequestsPerChild Directive
Description:Limit on the number of requests that an individual child server will handle during its life Syntax:MaxRequestsPerChild number Default:MaxRequestsPerChild 10000 Context:server config Status:MPM Module:leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker The MaxRequestsPerChild directive sets the limit on the number of requests that an individual child server process will handle. After MaxRequestsPerChild requests, the child process will die. If MaxRequestsPerChild is 0, then the process will never expire.
--------------------------------------------------------------------------------------------------
MaxClients Directive
Description:Maximum number of connections that will be processed simultaneously Syntax:MaxClients number Default:See usage for details Context:server config Status:MPM Module:beos, leader, prefork, threadpool, worker The MaxClients directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced.
For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit.
Thanks for your contribution , could you please explain me this in detail(kind of). I have never work on Apache.
Thanks!
---------- Post updated at 02:26 PM ---------- Previous update was at 02:22 PM ----------
Hi mark, which one of follows should i enter in ssl.conf?
MaxRequestsPerChild Directive
Description:Limit on the number of requests that an individual child server will handle during its life Syntax:MaxRequestsPerChild number Default:MaxRequestsPerChild 10000 Context:server config Status:MPM Module:leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker The MaxRequestsPerChild directive sets the limit on the number of requests that an individual child server process will handle. After MaxRequestsPerChild requests, the child process will die. If MaxRequestsPerChild is 0, then the process will never expire.
--------------------------------------------------------------------------------------------------
MaxClients Directive
Description:Maximum number of connections that will be processed simultaneously Syntax:MaxClients number Default:See usage for details Context:server config Status:MPM Module:beos, leader, prefork, threadpool, worker The MaxClients directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced.
For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit.
---------- Post updated at 02:27 PM ---------- Previous update was at 02:26 PM ----------
Hi mark, which one of follows should i enter in ssl.conf?
MaxRequestsPerChild Directive
Description:Limit on the number of requests that an individual child server will handle during its life Syntax:MaxRequestsPerChild number Default:MaxRequestsPerChild 10000 Context:server config Status:MPM Module:leader, mpm_netware, mpm_winnt, mpmt_os2, perchild, prefork, threadpool, worker The MaxRequestsPerChild directive sets the limit on the number of requests that an individual child server process will handle. After MaxRequestsPerChild requests, the child process will die. If MaxRequestsPerChild is 0, then the process will never expire.
--------------------------------------------------------------------------------------------------
MaxClients Directive
Description:Maximum number of connections that will be processed simultaneously Syntax:MaxClients number Default:See usage for details Context:server config Status:MPM Module:beos, leader, prefork, threadpool, worker The MaxClients directive sets the limit on the number of simultaneous requests that will be served. Any connection attempts over the MaxClients limit will normally be queued, up to a number based on the ListenBacklog directive. Once a child process is freed at the end of a different request, the connection will then be serviced.
For non-threaded servers (i.e., prefork), MaxClients translates into the maximum number of child processes that will be launched to serve requests. The default value is 256; to increase it, you must also raise ServerLimit.
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
We have a requirement to setup secure ftp between our AIX v5.3 system and
our mainframe. We don't want to use openssh with sftp and scp. Our mainframe uses ftp over ssl/tls so we have to use this on our AIX box. We have openssl on our AIX system but I'm not sure how to setup ssl/tls over ftp
on... (4 Replies)
Discussion started by: DANNYC
4 Replies
2. Cybersecurity
Here's a pretty good, and even PHB-compatible, explanation of the current TLS/SSl protocol vulnerability, including samples. (0 Replies)
Discussion started by: pludi
0 Replies
3. Shell Programming and Scripting
Hi All,
I have bash script, so what is sintax script in bash for Enable and Disable Tab Key. Thanks for your help.:(
Thanks,
Rico (1 Reply)
Discussion started by: carnegiex
1 Replies
4. UNIX for Dummies Questions & Answers
hi guys
I configured my openldap but now I want to implement SSL-TLS
This is my basic slapd.conf configuration
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include ... (2 Replies)
Discussion started by: karlochacon
2 Replies
5. Linux
Hi,
I have a doubt..whether the SSL/TLS protocol uses the public key of the web server to encrypt data before sending it.
I knew the browser verifies the public key of the web server using the digital certificate (by verifying the signature of the certificate using trusted authority). whether... (2 Replies)
Discussion started by: chaitus.28
2 Replies
6. Red Hat
Hi guys, Those who work on Apache may help me on this.
I have following problem
Description:
The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate
connections. The computational requirements for renegotiating a connection are
asymmetrical between the... (3 Replies)
Discussion started by: manalisharmabe
3 Replies
7. UNIX for Advanced & Expert Users
Hey Guys,
I am trying to setup ldap over tls in our lab. I am generating a self signed cert on the ldap server and importing that into the ldap system so it will use ldap over port 636. The clients will be a mix of solaris and redhat. I am lost on what I need to do on the client side to get... (0 Replies)
Discussion started by: s ladd
0 Replies
8. Cybersecurity
Hey Guys,
I have a couple servers that are getting flagged by by our network security team. How do I disable TLS 1.0 protocol within Solaris? The vulnerability is :
CVE-2011-3389
TLS-SSL Server Blockwise Chosen-Boundary Browser Weakness (2 Replies)
Discussion started by: s ladd
2 Replies
9. Shell Programming and Scripting
Hello,
I use the following SSH script to upload *.jpg files via FTP:
#!/usr/bin/expect
set timeout -1
spawn ftp -v -i
expect ""
send "\r"
expect "Password:"
send "\r"
expect "ftp>"
send "mput *.jpg\r"
expect "ftp>"
send "quit\r"
replaced with actual ftp server/account data.
... (5 Replies)
Discussion started by: mrpi007
5 Replies
10. UNIX for Advanced & Expert Users
Hello to all,
I'm beguinner in Linux instalations and I'm trying to Communicate from Web Sites that i have running under apache with openLDAP for users authentication using SSL mediation that seems to be connected with LDAPS.
Can someone advise me how to do this, I have already installed... (1 Reply)
Discussion started by: CPMarco
1 Replies