Mitigate client-initiated SSL renegotiation DoS

author: Daniel Lowrey <rdlowrey@php.net> 2014-02-20 16:26:55 -0700
committer: Daniel Lowrey <rdlowrey@php.net> 2014-02-21 06:31:56 -0700
commit: b6edbd5897bfa18d6a8ae9a9662efa34abfba39e (patch)
tree: 3de7eeafdc6edb5524f1ed8c6867f57bc21163b8 /ext/openssl/php_openssl.h
parent: dcf27a1f6f205a22ecff1e537de6b13b0f1187ad (diff)
download: php-git-b6edbd5897bfa18d6a8ae9a9662efa34abfba39e.tar.gz
1 files changed, 4 insertions, 0 deletions
diff --git a/ext/openssl/php_openssl.h b/ext/openssl/php_openssl.h
index cab787afed..a823d30bd8 100644
--- a/ext/openssl/php_openssl.h
+++ b/ext/openssl/php_openssl.h
@@ -29,6 +29,10 @@ extern zend_module_entry openssl_module_entry;
 #define OPENSSL_RAW_DATA 1
 #define OPENSSL_ZERO_PADDING 2
 
+/* Used for client-initiated handshake renegotiation DoS protection*/
+#define DEFAULT_RENEG_LIMIT 2
+#define DEFAULT_RENEG_WINDOW 300
+
 php_stream_transport_factory_func php_openssl_ssl_socket_factory;
 
 PHP_MINIT_FUNCTION(openssl);
author	Daniel Lowrey <rdlowrey@php.net>	2014-02-20 16:26:55 -0700
committer	Daniel Lowrey <rdlowrey@php.net>	2014-02-21 06:31:56 -0700
commit	b6edbd5897bfa18d6a8ae9a9662efa34abfba39e (patch)
tree	3de7eeafdc6edb5524f1ed8c6867f57bc21163b8 /ext/openssl/php_openssl.h
parent	dcf27a1f6f205a22ecff1e537de6b13b0f1187ad (diff)
download	php-git-b6edbd5897bfa18d6a8ae9a9662efa34abfba39e.tar.gz