
53491 - SSL / TLS Renegotiation DoS "nessus"

Archil Sokhadze
Level 1

A customer is telling me that they have found a vulnerability on vcs-expressway.

Results Details


53491 - SSL / TLS Renegotiation DoS


The remote service allows repeated renegotiation of TLS / SSL connections.


The remote service encrypts traffic using TLS / SSL and permits clients to renegotiate connections. The computational requirements for renegotiating a connection are asymmetrical between the client and the server, with the server performing several times more work. Since the remote host does not appear to limit the number of renegotiations for a single TLS / SSL connection, this permits a client to open several simultaneous connections and repeatedly renegotiate them, possibly leading to a denial of service condition.

See Also


Contact the vendor for specific patch information.



The remote host is vulnerable to renegotiation DoS over TLSv1 / SSLv3.

What can I answer? What are the solutions?
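The finding quoted above turns on the server not limiting renegotiations per connection. The following is an added example, not part of the original post and not Nessus or Cisco code: a sliding-window check over per-connection handshake events that flags any connection exceeding a renegotiation budget. The event format, the function name and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict, deque

# Constructed sample events: (seconds, connection id, handshake type).
# "initial" is the first handshake on a connection; "reneg" is a
# client-initiated renegotiation on that same connection.
SAMPLE_EVENTS = [
    (0.0, "c1", "initial"),
    (0.1, "c2", "initial"),
    (0.5, "c2", "reneg"),
    (0.6, "c2", "reneg"),
    (0.7, "c2", "reneg"),
    (0.8, "c2", "reneg"),    # 4th renegotiation in under a second
    (5.0, "c1", "reneg"),
    (70.0, "c1", "reneg"),   # slow, occasional renegotiation stays in budget
    (140.0, "c1", "reneg"),
]


def flag_renegotiation_abuse(events, max_renegs=3, window_s=60.0):
    """Return {conn_id: timestamp} for every connection that performs more
    than max_renegs renegotiations inside any window_s-second window.

    The timestamp is when the budget was first exceeded, i.e. the point at
    which a server enforcing the limit would close the connection.
    """
    recent = defaultdict(deque)   # conn_id -> renegotiation times in window
    flagged = {}
    for ts, conn, kind in sorted(events):
        if kind != "reneg" or conn in flagged:
            continue
        window = recent[conn]
        window.append(ts)
        # Drop renegotiations that have aged out of the sliding window.
        while window and ts - window[0] > window_s:
            window.popleft()
        if len(window) > max_renegs:
            flagged[conn] = ts
    return flagged


if __name__ == "__main__":
    for conn, ts in flag_renegotiation_abuse(SAMPLE_EVENTS).items():
        print(f"{conn}: renegotiation budget exceeded at t={ts}s")
```

Setting `max_renegs=0` models a server that refuses client-initiated renegotiation entirely.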

10 Replies

Archil Sokhadze
Level 1

Is there any solution?

Please see the following post -



The test was performed with "nessus" on VCS X7.2, so if it was fixed, why is it still showing up?

Can you provide a current published CVE for this?

Thanks, I've emailed one of the security guys in the development team to get their thoughts on this.

Thanks. If there is any news about this case, please write in this discussion.

Hello Archil,

Thank you for visiting the support community and thank you to Guy for jumping in to help answer.  The better channel to direct such questions is to the PSIRT team reachable at as they have a dedicated team that manages the receipt, investigation, and public reporting of security vulnerability information that is related to Cisco products and networks.  Additional information and further contact details are available here:

Thank you,


John Faltys
Level 1

Have you received an answer on this?

The answer was:


There is no upstream fix for CVE-2011-1473 in the third-party OpenSSL library as yet.

More information about this bug can be found at:

In particular, the section "Is this a flaw with SSL/TLS?" discusses how this is not a significant risk (with the obvious caveat this is from a third-party security writer).

I don’t expect it to be fixed anytime soon, as even Red Hat still has its own bug open (