The negotiation process of the SSL encryption uses much more resources on the server than on the client. If the client can initiate the renegotiation process, an attacker can render the server unavailable with a Denial of Service attack.
Security Assessment
CVSS Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Information
The negotiation process of the SSL encryption uses significantly more resources on the server than on the client. If the client can initiate the renegotiation process, an attacker can render the server unavailable with a Denial of Service attack.
Guides
This problem has been fixed in recent webserver versions. E.g. the latest versions of Apache and nginx do not allow client initiated SSL renegotiation. Therefore make sure that your webserver is up-to-date.
E.g. run:
apt-get update; apt-get upgrade # Debian / Ubuntu
yum update # RHeL / CentOS
pacman -Syu # Arch Linux