Hey @righter,
sorry for the late reply but I guess better late than never 
Both mentioned CVEs are disputed.
The problem seems, that a client with an existing TLS/TCP connection can cause renegotiations which basically means a new TLS handshake which is computational intensive. A client can also cause this with a new connection. Arguably it is a bit easier to detect new TCP connections than TLS renegotiation requests but apparently you can detect them without TLS interception.
I agree therefore with the disputation and donβt think this is really an issue and should be treated as false-positive.