> These patches are known to apply correctly but have not been > thoroughly tested. As I understand it, OpenSSL will call abort() when it detects attack against any hole in SSL. It might be acceptable for process-per-connection situations like Apache, but when one process serves many connections it produces nice DoS. Yes, it's better than exploitable hole but still not acceptable. Arne ______________________________________________________________________ OpenSSL Project http://www.openssl.org Development Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]
- OpenSSL patches for other versions Ben Laurie
- Re: OpenSSL patches for other versions Arne Ansper
- Re: OpenSSL patches for other versi... Rich Salz
- Re: OpenSSL patches for other v... Arne Ansper
- Re: OpenSSL patches for oth... Rich Salz
- Re: OpenSSL patches for other versi... Bodo Moeller
- Re: OpenSSL patches for other versions Ademar de Souza Reis Jr.
- Re: OpenSSL patches for other versi... Vincent Danen
- Re: OpenSSL patches for other versi... kumar
- Re: OpenSSL patches for other v... Richard Levitte - VMS Whacker
- Re: OpenSSL patches for other versions Jeffrey Altman
- Re: OpenSSL patches for other versions Jeffrey Altman