CVE-2021-32920 log

Severity Medium
Remote Yes
Type Denial of service
A security issue was found in the XMPP server software before version 0.11.9. It was discovered that Prosody does not disable SSL/TLS renegotiation, even though this is not used in XMPP. A malicious client may flood a connection with renegotiation requests to consume excessive CPU resources on the server.
Group Package Affected Fixed Severity Status Ticket
AVG-1955 prosody 1:0.11.8-1 1:0.11.9-1 High Fixed
Date Advisory Group Package Severity Type
19 May 2021 ASA-202105-11 AVG-1955 prosody High multiple issues

The issue can be mitigated by setting the following ssl option (or add to your existing one if you have one):

  ssl = {
    options = {
      no_renegotiation = true;