In recent years, denial of service (DoS) attacks on the Secure Socket Layer (SSL) have been increasing. In the SSL protocol, the SSL handshake protocol requires an extremely large amount of computation from the server: the server must perform a private key decryption operation, and the computational complexity of that private key decryption on the server side may be exponentially greater than the computational complexity on the client side. An SSL DoS attack exploits this characteristic of the SSL protocol: an ordinary computer connected to a digital subscriber line (DSL) repeatedly requests an encryption key within a short time, consuming the central processing unit (CPU) resources of the SSL server and thereby attacking the SSL server.
The client may continuously send key negotiation request ClientHello messages to the server. Each ClientHello message sent by the client includes a session identity (SessionID), and a SessionID may be reused. If the SessionID carried in the client's ClientHello message exists in the server's local SessionID list, the server replies with a key negotiation response ServerHello message that includes that SessionID. If the SessionID sent by the client does not exist in the server's SessionID list, the server randomly generates a new SessionID and sends it to the client. In either case, the client and the server then go on to complete the SSL key negotiation process. Consequently, when a client continuously sends ClientHello messages to the server and continuously performs SSL key negotiation with it, the server's resources are very easily exhausted, so that normal services on the server can no longer be accessed. At present, there is no effective method for defending against such SSL DoS attack behavior.
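As an added example that is not part of the original text, the following Python sketch shows one defender-side check suggested by the description above: a per-client sliding-window budget that charges a full key negotiation (which forces the server's private key operation) far more than a SessionID resumption, and flags clients that exceed it. The cost weights, window length, budget and sample handshake records are assumptions constructed for the example.

```python
"""Flag clients that drive too many costly SSL handshakes in a short window."""
from collections import defaultdict, deque

# Assumed relative server cost per handshake type (illustrative weights):
# a full negotiation requires the private key operation, a resumption does not.
COST_FULL = 1.0
COST_RESUMED = 0.1


class HandshakeBudget:
    """Sliding-window handshake cost budget tracked per client."""

    def __init__(self, window_s=1.0, budget=5.0):
        self.window_s = window_s
        self.budget = budget
        self.events = defaultdict(deque)  # client -> deque of (ts, cost)
        self.spent = defaultdict(float)   # client -> cost currently in window

    def observe(self, ts, client, resumed):
        """Record one ClientHello; return True once the client exceeds budget."""
        q = self.events[client]
        while q and ts - q[0][0] > self.window_s:   # age out old events
            _, old_cost = q.popleft()
            self.spent[client] -= old_cost
        cost = COST_RESUMED if resumed else COST_FULL
        q.append((ts, cost))
        self.spent[client] += cost
        return self.spent[client] > self.budget


def flag_clients(records, window_s=1.0, budget=5.0):
    """Return the set of clients that exceeded the budget in any window."""
    detector = HandshakeBudget(window_s, budget)
    flagged = set()
    for ts, client, resumed in sorted(records):
        if detector.observe(ts, client, resumed):
            flagged.add(client)
    return flagged


# Constructed sample records (timestamp in s, client IP, resumed?), not real traffic.
SAMPLE = (
    # Abusive client: eight full negotiations within 0.8 s.
    [(i * 0.1, "203.0.113.5", False) for i in range(8)]
    # Legitimate client: one full handshake, then SessionID resumptions.
    + [(0.0, "198.51.100.7", False)]
    + [(i * 0.1, "198.51.100.7", True) for i in range(1, 20)]
)

if __name__ == "__main__":
    print(flag_clients(SAMPLE))  # {'203.0.113.5'}
```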