> Is there really no use of LHASH tables in OpenSSL where an attacker > attempting a DoS attack can control the contents of the tables?
The only use of LHASH is in SSL_SESSION and X509_NAME, which use their own hashing functions, and are only used after the session and/or certs have been cryptographically verified. -- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev