Unknown · Tns Listener · CVE-2024-28854
**Name of the Vulnerable Software and Affected Versions**
tls-listener versions prior to 0.10.0
**Description**
In its default configuration, tls-listener leaves any public service built with `TlsListener::new()` vulnerable to a slow-loris DoS attack: a malicious user can open 6.4 `TcpStream`s a second, sending 0 bytes on each, and trigger a DoS. Any publicly accessible service using the default configuration of tls-listener is affected.
**Recommendations**
For versions prior to 0.10.0, users are advised to upgrade to version 0.10.0 or later.
As a temporary workaround for users unable to upgrade, consider passing a large value, such as `usize::MAX`, as the parameter to `Builder::max_handshakes` to mitigate this issue.
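The following capacity model is an added example, not code from tls-listener or from the advisory. It shows how connections that send 0 bytes keep a bounded handshake limit full, and why a very large `max_handshakes` value removes that bottleneck. The limit of 64 and the 10 s handshake timeout are assumed values chosen to match the 6.4 connections per second figure above, and the function names are hypothetical.

```rust
use std::collections::VecDeque;

/// Release slots whose handshake timed out at or before `now_us`.
fn expire(in_flight: &mut VecDeque<u64>, now_us: u64) {
    while in_flight.front().map_or(false, |&deadline| deadline <= now_us) {
        in_flight.pop_front();
    }
}

/// Toy model: at most `max` handshakes run at once, and a peer that sends
/// 0 bytes holds its slot for `timeout_us`. One such peer connects every
/// `interval_us`; once per millisecond we check whether a new (legitimate)
/// handshake would find every slot taken.
/// Returns (checks that found the limit reached, total checks).
fn blocked_checks(max: usize, timeout_us: u64, interval_us: u64, horizon_us: u64) -> (u64, u64) {
    let mut in_flight: VecDeque<u64> = VecDeque::new(); // deadlines, oldest first
    let (mut next_arrival, mut blocked, mut total) = (0u64, 0u64, 0u64);
    let mut check = 100; // 0.1 ms offset so checks never coincide with arrivals
    while check < horizon_us {
        while next_arrival <= check {
            expire(&mut in_flight, next_arrival);
            if in_flight.len() < max {
                in_flight.push_back(next_arrival + timeout_us);
            } // else: the model drops the connection instead of queueing it
            next_arrival += interval_us;
        }
        expire(&mut in_flight, check);
        if in_flight.len() >= max {
            blocked += 1;
        }
        total += 1;
        check += 1_000;
    }
    (blocked, total)
}

fn main() {
    // Assumed values: limit 64, timeout 10 s, 6.4 connections/s = one per 156.25 ms.
    println!("limit 64:         {:?}", blocked_checks(64, 10_000_000, 156_250, 60_000_000));
    println!("limit usize::MAX: {:?}", blocked_checks(usize::MAX, 10_000_000, 156_250, 60_000_000));
}
```

Under these assumptions the limit is reached just before the 10 s mark and stays reached for the rest of the simulated minute, while the `usize::MAX` run never reaches it.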