An SSL/TLS handshake requires at least 10 times more processing power on a server than on the client. SSL renegotiation attacks can readily take advantage of this asymmetric workload. Watch this video to learn how to easily mitigate these attacks.
Andrew C. Oliver is a professional cat herder who moonlights as a software consultant. He started programming when he was 8 and cut his teeth on GW Basic, BASICA, and dBase III+. He is most known for founding the POI project, which is now hosted at Apache. He also was one of the early developers at JBoss before it merged with Red Hat. He is a former board member and current helper at the Open Source Initiative. He is president and founder of Open Software Integrators, a professional services firm with offices in Durham, N.C., and Chicago, Ill.