You might do better if you didn't post HTML to a text-based mailing list.

The patches posted to this mailing list come from an OpenSSL team member. They are similar to the patches that were incorporated into the current distributions of 0.9.6e and 0.9.7-beta3. The patches utilize the OpenSSLDie() function to cause the problem to terminate if one of the attack conditions is detected. This provides attackers with an easy denial of service attack against your application.

Patches for 0.9.5a that avoid the DoS have not been issued. If you wish to continue using 0.9.5a you will need to back port the resulting subsequent fixes yourself.

Jeffrey Altman * Sr.Software Designer
The Kermit Project @ Columbia University
http://www.kermit-project.org/
[EMAIL PROTECTED]

Kermit 95 2.0 GUI available now!!!
SSH, Secure Telnet, Secure FTP, HTTP
Secured with MIT Kerberos, SRP, and OpenSSL.
