[openssl-users] Deactivation of client renegotiation particularly in OpenSSL 1.1.0

2017-11-14 Thread Marcus . Schafheutle
Hello, I am referring to the DoS via repeated SSL session renegotiations (http://kalilinuxtutorials.com/thc-ssl-dos/). Prior to OpenSSL 1.1.0 the approach to deactivate client renegotiation was to set the corresponding flag via a callback function, e.g.: --- SSL *connection; ... connecti

[openssl-users] Assertion in ssl_free_wbio_buffer() fails after unfinished handshake since OpenSSL 1.1.0

2018-03-02 Thread Marcus . Schafheutle
Hello, we encountered a strange behaviour of OpenSSL 1.1.0 when our test with "sslscan" provokes an unfinished handshake. Our asynchronous communication approach uses memory BIOs in order to read/write data from other communication layers into the SSL object. After the read/write operation

[openssl-users] OpenSSL 1.1.0 assertion failure: ssl_free_wbio_buffer()

2018-04-16 Thread Marcus . Schafheutle
Hello, we encountered a strange behaviour of OpenSSL 1.1.0 when our test with "sslscan" provokes an unfinished handshake. The problem exists since OpenSSL 1.1.0 - there were no problems with OpenSSL 1.0.2x. Our asynchronous communication approach uses memory BIOs in order to read/write data fr