Multiple vulnerabilities in httpv2 proto

Discussion in 'General' started by bobykus, Aug 8, 2016.

  1. bobykus

    bobykus Well-Known Member

  2. mistwang

    mistwang LiteSpeed Staff

    I wonder why they left Litespeed out, we have at least more than 20% of HTTP/2 market share, if exclude contribution from CloudFlare, we are about head to head with nginx. Instead, they test some non-production ready/toy HTTP/2 servers. :)

    By design, HTTP/2 may be vulnerable to some kind of resource abusing attack, as the connection has long keep-alive timeout, HTTPS connections are more resource intensive than regular HTTP connections, but, not likely any one can change that.

    Back to the attack scenarios, only possible attack to LiteSpeed is the slow read attacks that use for taking down nginx. we will do some fine adjustment to prevent that from happening, at least, make it a lot hard to exploit it.
    eva2000 likes this.

Share This Page