On Fri, Feb 26, 2010 at 02:45:19AM +0100, Dr. Stephen Henson wrote:
> On Thu, Feb 25, 2010, Victor Duchovni wrote:
>
> >
> > If I field a patched server, and sufficiently many unpatched pre-0.9.8m
> > OpenSSL clients attempt re-negotiation under normal conditions, I have
> > a resource starvatio
On Thu, Feb 25, 2010, Victor Duchovni wrote:
>
> If I field a patched server, and sufficiently many unpatched pre-0.9.8m
> OpenSSL clients attempt re-negotiation under normal conditions, I have
> a resource starvation problem and unhappy users who are more annoyed at
> stuck connections than fail
On Thu, Feb 25, 2010 at 11:45:14PM +0100, Dr. Stephen Henson wrote:
> This isn't a DoS issue as such it's just the client sending a message and
> never getting the reply it expects. You'd get exactly the same behaviour by
> connecting to a server and either never sending any data or deliberately n
Tim Hudson wrote:
> Can you make a small test program which demonstrates this behaviour?
> Typically some cleanup code is being missed when this is sort of thing is
> raised; however a bit of test code makes it fairly easy to track down using
a
> combination of the malloc wrapper func
(Sorry for delay, thought I sent this Tue but apparently
it didn't go, and I wasn't in Wed.)
> From: owner-openssl-us...@openssl.org On Behalf Of Peter Lin
> Sent: Monday, 22 February, 2010 03:20
> I have a TLS server application which the old OpenSSL library
> has no problem
On Thu, Feb 25, 2010, Dr. Stephen Henson wrote:
> On Thu, Feb 25, 2010, Victor Duchovni wrote:
>
> OpenSSL clients treat the warning as fatal because there is no API provision
> to renegotiate and then continue if it is refused. So to be cautious we assume
> that if an application wants a renegot
On Thu, Feb 25, 2010, Victor Duchovni wrote:
>
> If I am reading this correctly, unpatched OpenSSL clients will definitely
> hang if the client initiates renegotiation to a patched server? If so,
> why not send a fatal alert (especially if non-buggy clients treat it
> as fatal)? What is the point
The documentation about renegotiation between an unpatched client and
a patched server reads:
Unpatched client and patched OpenSSL server
---
The initial connection suceeds but client renegotiation is denied
by the server with a B warning a
Rene Hollan wrote:
> I guess I'm just dense and stupid. Won't that fail since the CA
> IC cert won't be signed by the CA cert identified as it's issuer?
Yeah, I think you're right. I made the same mistake I was trying to convince
the OP not to make -- thinking that CAs sign certificates. The pub
Hello list,
On line 1014 in the code uploaded at http://pastebin.ca/1810624 the program
crashes. The relevant code snippet looks like this:
// Setup BIO's
stdoutBIO = BIO_new(BIO_s_file());
BIO_set_fp(stdoutBIO, stdout, BIO_NOCLOSE);
if (options->xmlOutput != 0)
{
fileBIO = BIO_new(BIO_s_file());
Mike Brennan wrote:
> The process's memory footprint increases linerally with connections,
> and this linear growth is quite constant. As David reports, memory seems
> to be allocated in multiples of 4K, but the linear memory growth is
> around 136 bytes per connection. I've confirmed this up to
I forgot to mention the important stuff:
OpenSSL 0.9.8l 5 Nov 2009
Visual C++ 2008 Express Edition
Windows 7 Enterprise (64-bit)
Best regards
Michael Boman
2010/2/25 Michael Boman
> Hello list,
>
> On line 1014 in the code uploaded at http://pastebin.ca/1810624 the
> program crashes. The relev
Hello,
This applies to internet connections with speeds of less than 0.75 Mb/s
(usually found on dial-up and slow performance DSL connections). Wtih faster
connections, no problems.
Using version 0.9.8k on the client and server, when uploading large data
streams from the client to the server u
I guess I'm just dense and stupid. Won't that fail since the CA IC cert won't
be signed by the CA cert identified as it's issuer?
-Original Message-
From: owner-openssl-us...@openssl.org on behalf of David Schwartz
Sent: Wed 2/24/2010 4:06 PM
To: openssl-users@openssl.org
Subject: RE: Si
Hi All,
Am running into a issue where I am trying to set FIPS_set_mode(1) in
shared library on HP PA64(11.11) system, but it fails with FINGER_PRINT
error. But if I set it in binary(executable) it works fine.
Any pointer really appreciated.
Regards,
--Vikram
15 matches
Mail list logo