
TLS Renegotiation Attack

A TLS renegotiation attack is a Layer 6/7 attack vector and one of the asymmetric-cost classes a thorough DDoS test is built to exercise. It exploits the fact that a TLS handshake costs the server far more than it costs the client: completing the key exchange and the server-side asymmetric cryptography consumes meaningful CPU on every full handshake. By repeatedly requesting renegotiation on a single connection, or by opening many connections and forcing fresh handshakes, a small client can drive a defender's CPU to saturation while spending very little bandwidth.
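The mitigation side of the definition above, as an added example that is not part of the original page: a Python server-side `ssl.SSLContext` built in a weak (library-default) form and a hardened form, plus a small audit helper that reports whether client-initiated renegotiation is refused, which protocol floor is enforced, and whether session resumption is still available. It relies only on the standard `ssl` module; the `OP_NO_RENEGOTIATION` flag requires a Python linked against OpenSSL 1.1.0h or newer, which the code checks for rather than assuming. The function names are this example's own.

```python
import ssl


def renegotiation_option_available() -> bool:
    """True when the linked OpenSSL exposes OP_NO_RENEGOTIATION (>= 1.1.0h)."""
    return hasattr(ssl, "OP_NO_RENEGOTIATION")


def build_server_context(harden: bool) -> ssl.SSLContext:
    """Return a server-side SSLContext.

    harden=False keeps whatever the library defaults allow; harden=True
    applies the settings that close the renegotiation angle: TLS 1.3 has no
    renegotiation at all, and on TLS 1.2 the server refuses any client
    attempt to renegotiate on an established connection.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    if harden:
        # Nothing older than TLS 1.2; the TLS 1.3 handshake has no
        # renegotiation message at all.
        ctx.minimum_version = ssl.TLSVersion.TLSv1_2
        if renegotiation_option_available():
            # Ignore client-initiated renegotiation (TLS 1.2 and earlier).
            ctx.options |= ssl.OP_NO_RENEGOTIATION
        # Keep session tickets on: a resumed handshake skips the asymmetric
        # key exchange, which is the part that is expensive for the server,
        # so legitimate repeat clients stay cheap.
        ctx.options &= ~ssl.OP_NO_TICKET
    return ctx


def audit_context(ctx: ssl.SSLContext) -> dict:
    """Report the renegotiation-related posture of a context.

    'client_renegotiation_refused' is None when the running OpenSSL cannot
    express the option, so an audit never silently reports a protection
    that the library is unable to provide.
    """
    no_reneg = getattr(ssl, "OP_NO_RENEGOTIATION", 0)
    return {
        "client_renegotiation_refused": bool(ctx.options & no_reneg) if no_reneg else None,
        "minimum_version": ctx.minimum_version.name,
        "session_tickets_enabled": not (ctx.options & ssl.OP_NO_TICKET),
    }


if __name__ == "__main__":
    for label, harden in (("default", False), ("hardened", True)):
        print(label, audit_context(build_server_context(harden)))
```

Run the script once against the interpreter that will serve production traffic: if `client_renegotiation_refused` comes back `None`, the fix has to come from a newer OpenSSL or from the terminating proxy in front of the application, not from this context.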

Why it matters in DDoS testing

This vector targets compute, not the network link, so a stack that survives a large volumetric flood can still fall to a low-bandwidth handshake storm. A test characterizes the handshake rate at which CPU saturates, whether client-initiated renegotiation is disabled, and how TLS termination offload or session resumption changes the curve. The economics of attacker cost versus defender cost are a recurring theme across application-layer attacks, which is why they are weighed in the AWS Shield vs Cloudflare DDoS comparison.
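A detection view of the many-connections variant described above, as an added example that is not from the original page: a small Python analyser that reads nginx access-log lines, counts only the connections that required a full handshake (the ones that actually cost asymmetric crypto, as opposed to resumed sessions), and reports the peak full-handshake rate per source IP over a sliding window. The nginx `log_format` it parses is an assumed custom format (`$msec $remote_addr $connection $connection_requests $ssl_session_reused $ssl_protocol`), the sample log is constructed rather than captured, and the threshold is a parameter you would set from the saturation point measured in your own test. The single-connection renegotiation variant does not surface in access logs at all, so that one has to be checked in the TLS library configuration rather than here.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Assumed nginx log_format (hypothetical, not from the page):
#   log_format tlsaudit '$msec $remote_addr $connection $connection_requests '
#                       '$ssl_session_reused $ssl_protocol';
# $ssl_session_reused is "r" when the TLS session was resumed and "." when a
# full handshake (key exchange + asymmetric crypto) had to be performed.
LINE_RE = re.compile(
    r"^(?P<ts>\d+\.\d+) (?P<src>\S+) (?P<conn>\d+) (?P<nreq>\d+) "
    r"(?P<reused>[r.]) (?P<proto>\S+)$"
)


@dataclass
class Handshake:
    ts: float
    src: str
    conn: int
    full: bool  # True when no session resumption took place


def parse_handshakes(lines):
    """Extract one Handshake per new TLS connection in the log.

    Only the first request on a connection ($connection_requests == 1) marks
    a handshake; later keep-alive requests ride on the established session
    and cost the server no asymmetric crypto.
    """
    seen = set()
    out = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["nreq"] != "1":
            continue
        conn = int(m["conn"])
        if conn in seen:
            continue
        seen.add(conn)
        out.append(Handshake(float(m["ts"]), m["src"], conn, m["reused"] == "."))
    return out


def full_handshake_rates(handshakes, window=1.0):
    """Peak full-handshake rate (per second) per source over any sliding
    window of `window` seconds. Resumed handshakes are deliberately ignored:
    they are cheap, so a high rate of them is not the signal we want."""
    by_src = defaultdict(list)
    for h in handshakes:
        if h.full:
            by_src[h.src].append(h.ts)
    peaks = {}
    for src, times in by_src.items():
        times.sort()
        best = lo = 0
        for hi in range(len(times)):
            while times[hi] - times[lo] > window:
                lo += 1
            best = max(best, hi - lo + 1)
        peaks[src] = best / window
    return peaks


def flag_sources(handshakes, threshold_per_s, window=1.0):
    """Sources whose peak full-handshake rate reaches the threshold."""
    peaks = full_handshake_rates(handshakes, window)
    return sorted(src for src, rate in peaks.items() if rate >= threshold_per_s)


# Constructed sample log (not real traffic): 198.51.100.7 opens 20 fresh
# connections in half a second, 203.0.113.5 browses normally over keep-alive
# and later resumes its session, 192.0.2.9 opens many connections but resumes
# its session every time and so costs almost nothing.
SAMPLE_LOG = (
    [f"1700000000.{i * 25:03d} 198.51.100.7 {100 + i} 1 . TLSv1.3" for i in range(20)]
    + [
        "1700000000.100 203.0.113.5 300 1 . TLSv1.3",
        "1700000000.400 203.0.113.5 300 2 . TLSv1.3",
        "1700000000.900 203.0.113.5 300 3 . TLSv1.3",
        "1700000005.000 203.0.113.5 301 1 r TLSv1.3",
    ]
    + [f"1700000000.{i * 20:03d} 192.0.2.9 {400 + i} 1 r TLSv1.3" for i in range(30)]
)

if __name__ == "__main__":
    hs = parse_handshakes(SAMPLE_LOG)
    print(full_handshake_rates(hs))
    print("flagged:", flag_sources(hs, threshold_per_s=10))
```

The design choice worth noting is the split between full and resumed handshakes: counting raw connections per source would flag the resuming client (30 connections per second) just as loudly as the real problem, while the CPU cost behind those two sources differs by roughly the price of a key exchange. Tying the threshold to the handshake rate at which your own test saw CPU saturate, divided by the number of sources you are willing to tolerate at once, turns the measurement from the test directly into an alert.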