Client-initiated renegotiation attack mitigation


The TLS protocol allows a client to renegotiate within a TLS session, for security reasons. Unfortunately, session renegotiation consumes a large amount of server-side resources, which leaves the server potentially exposed to DDoS attacks.

To mitigate this risk, Node limits renegotiation to three times every ten minutes; exceeding this limit raises an 'error' event on the tls.TLSSocket instance. The limit is configurable:

  • tls.CLIENT_RENEG_LIMIT <number> Specifies the limit on the number of renegotiation requests. Default: 3.
  • tls.CLIENT_RENEG_WINDOW <number> Specifies the time window in which the limit applies. Default: 600 (ten minutes).

Note: These parameters should not be modified without a full understanding of their meaning and consequences.

To test a server's renegotiation limit, connect to it with the OpenSSL command-line client (openssl s_client -connect address:port) and enter R<CR> (the letter R followed by a carriage return) several times. For example, if you connect to a server running the default configuration, enter R followed by a carriage return three times, and the server closes the connection, the limit is in effect.

The TLS protocol allows clients to renegotiate certain aspects of the TLS session. Unfortunately, session renegotiation requires a disproportionate amount of server-side resources, making it a potential vector for denial-of-service attacks.

To mitigate the risk, renegotiation is limited to three times every ten minutes. An 'error' event is emitted on the tls.TLSSocket instance when this threshold is exceeded. The limits are configurable:

  • tls.CLIENT_RENEG_LIMIT <number> Specifies the maximum number of renegotiation requests allowed within the window. Default: 3.
  • tls.CLIENT_RENEG_WINDOW <number> Specifies the length of the renegotiation window in seconds. Default: 600 (10 minutes).

The default renegotiation limits should not be modified without a full understanding of the implications and risks.

To test the renegotiation limits on a server, connect to it using the OpenSSL command-line client (openssl s_client -connect address:port), then input R<CR> (i.e., the letter R followed by a carriage return) multiple times. With the default limits in place, the server closes the connection once the limit is exceeded.