Hi List,
I think Doug Smith was correct in his email Heartbeat response during
handshake?
RFC 6520 does state that The receiving peer SHOULD discard the message
silently, if it arrives during the handshake..
I was testing adding the following lines to d1_both.c and t1_lib.c in
the
On 04/11/2014 04:13 PM, Carlos Alberto Lopez Perez wrote:
Probably this blog post provides more information about what Akamai has
been doing related to this issue:
https://blogs.akamai.com/2014/04/heartbleed-update.html
It would be appreciated if you cared to contribute back your own custom
Your code does not set i to -1.
This patch fixes the little issue.
Bug added in:
commit 934e22e81455e1e6229cbafb525a36cb6c50dbe9
Author: Dr. Stephen Henson st...@openssl.org
diff --git a/ssl/d1_both.c b/ssl/d1_both.c
index d8bcd58..2c06fc2 100644
--- a/ssl/d1_both.c
+++ b/ssl/d1_both.c
@@ -679,8
On Fri, Apr 11, 2014 at 05:51:17PM -0500, Reini Urban wrote:
On 04/11/2014 04:13 PM, Carlos Alberto Lopez Perez wrote:
Probably this blog post provides more information about what Akamai has
been doing related to this issue:
https://blogs.akamai.com/2014/04/heartbleed-update.html
It
It would be appreciated if you cared to contribute back your own custom
secure_malloc allocator.
We did. See
http://marc.info/?l=openssl-usersm=139723710923076w=2
and
http://marc.info/?l=openssl-usersm=139723972124003w=2
--
Principal Security Engineer
Akamai Technology
Cambridge,
On Mon, Oct 7, 2013 at 7:47 AM, Jeff Trawick traw...@gmail.com wrote:
See the attached patch which applies over openssl-1.0.1e and selects the
use of existing support for the Windows API
WaitForSingleObject(..STD_INPUT_HANDLE..) to trigger a read of stdin. That
logic is hidden currently
[From: openssl-users]
On Fri, Apr 11, 2014, Salz, Rich wrote:
This patch is a variant of what we've been using to help protect
customer keys for a decade.
Would you please elaborate on how it differs from what you've been using
in production?
OpenSSL is important to us, and this is the
Would you please elaborate on how it differs from what you've been using in
production?
Local platform issues, mainly. Conceptually, nothing different about the
security.
--
Principal Security Engineer
Akamai Technology
Cambridge, MA