https://community.checkpoint.com/t5/General-Topics/Client-Initiated-TLS-Renegotiation-DoS/m-p/112606#M21182 <P>The relevant CVE for this issue is:&nbsp;<A href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473" target="_blank" rel="noopener">CVE-2011-1473</A><BR />This is not something we are vulnerable to per: &nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92447" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92447</A><BR /><SPAN>Specifically: Check Point puts all sorts of protections against DoS on the gateway (limiting the number of connections, limiting the amount of data, etc.)</SPAN></P> Sat, 06 Mar 2021 08:42:53 GMT PhoneBoy 2021-03-06T08:42:53Z https://community.checkpoint.com/t5/General-Topics/Client-Initiated-TLS-Renegotiation-DoS/m-p/112605#M21181 <P>We have had a pen test performed and an issue has been raised for our Gateways A,B and HA external IP's.</P><P>I have seen there "may" be a IPS Protection that could help with this:</P><P>TLS Client Initiated Renegotiation</P><P>But if we enabled this, the CP would potentially block this but we haven't actually fixed the issue at hand.</P><P>Would anyone know a fix for the attached or seen it themselves?</P><P>Thanks</P> Sat, 06 Mar 2021 08:20:35 GMT https://community.checkpoint.com/t5/General-Topics/Client-Initiated-TLS-Renegotiation-DoS/m-p/112605#M21181 NeilDavey 2021-03-06T08:20:35Z https://community.checkpoint.com/t5/General-Topics/Client-Initiated-TLS-Renegotiation-DoS/m-p/112606#M21182 <P>The relevant CVE for this issue is:&nbsp;<A href="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-1473" target="_blank" rel="noopener">CVE-2011-1473</A><BR />This is not something we are vulnerable to per: &nbsp;<A href="https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92447" target="_blank">https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&amp;solutionid=sk92447</A><BR /><SPAN>Specifically: Check Point puts all sorts of protections against DoS on the gateway (limiting the number of connections, limiting the amount of data, etc.)</SPAN></P> Sat, 06 Mar 2021 08:42:53 GMT https://community.checkpoint.com/t5/General-Topics/Client-Initiated-TLS-Renegotiation-DoS/m-p/112606#M21182 PhoneBoy 2021-03-06T08:42:53Z