Renegotiation can open the door to attacks. There are two primary worries:
CVE-2009-3555: This vulnerability allows a “man-in-the-middle” attacker to inject data into an HTTPS session and execute requests on behalf of the victim. Refer to CVE-2009-3555 for more details.
Denial of Service (DoS): Establishing a secure SSL connection requires more processing power on the server, around 15 times, than on the client. An attacker can exploit this processing-power property along with renegotiation to trigger hundreds of handshakes in the same TCP connection; an assault can bring down a 30Gb-link server using only a laptop and DSL connection.
The THC group demonstrated the DoS attack and released a tool, THC-SSL-DoS, as a proof of concept. An SSL DoS attack can be carried out without SSL renegotiation by simply establishing a new TCP connection for every new handshake. SSL renegotiation makes it very easy to carry out this DoS attack.
Reference Link : https://securingtomorrow.mcafee.com/technical-how-to/tips-securing-ssl-renegotiation/
Step to reproduce :
Run the following command in Open SSL : openssl s_client -connect lahitapiola.fi:443
Below is the POC screenshot :
DOS Attack