Make sensitivity of is_vulnerable_to_client_renegotiation_dos configurable

Author: mxsasha

sslyze/plugins/session_renegotiation_plugin.py

@@ -180,7 +180,7 @@ def _test_client_renegotiation(server_info: ServerConnectivityInfo) -> Tuple[_Sc
         try:
             # Do a reneg multiple times in a row to be 100% sure that the server has no mitigations in place
             # https://github.com/nabla-c0d3/sslyze/issues/473
-            for i in range(10):
+            for i in range(server_info.network_configuration.client_renegotiation_attempts):
                 ssl_connection.ssl_client.do_renegotiate()
             accepts_client_renegotiation = True
 

sslyze/server_setting.py

@@ -173,6 +173,9 @@ class ServerNetworkConfiguration:
         xmpp_to_hostname: The hostname to set within the `to` attribute of the XMPP stream. If not supplied, the
             server's hostname will be used. Should only be set if the supplied `tls_wrapped_protocol` is an
             XMPP protocol.
+        client_renegotiation_attempts: The number of attempts to make when testing the client initiated
+            renegotiation DoS vector. If the server accepts this many attempts,
+            is_vulnerable_to_client_renegotiation_dos is set. Default: 10.
         network_timeout: The timeout (in seconds) to be used when attempting to establish a connection to the
             server.
         network_max_retries: The number of retries SSLyze will perform when attempting to establish a connection
@@ -184,6 +187,7 @@ class ServerNetworkConfiguration:
     tls_client_auth_credentials: Optional[ClientAuthenticationCredentials] = None
 
     xmpp_to_hostname: Optional[str] = None
+    client_renegotiation_attempts: int = 10
 
     network_timeout: int = 5
     network_max_retries: int = 3