New submission from Cory Benfield:
Originally raised by Ben Bangert on the python-dev mailing list.
It turns out that OpenSSL has a mode setting, SSL_MODE_RELEASE_BUFFERS, that
can be set by a call to SSK_CTX_set_mode. This mode can potentially reduce
connection overhead by nearly 18kB *per
Cory Benfield added the comment:
Oh, one further requirement: we should *not* set this mode for OpenSSL releases
1.x through 1.0.1g, which have a NULL pointer dereference vulnerability (CVE
2014-0198). Thanks to Marc-Andre Lemburg for spotting this.
See also: