Hi there,
Can you please unsubscribe anyone who posts on this subject again.
The participants should long ago have taken this debate off list.
It's degenerated into a discussion without any value whatsoever.
Kind regards
-paul
Hi
Can I ask exactly why you want two processes to share the same session?
I am working on an ssl offloading application which acts as an SSL terminator
and spits out plain-text HTML to several machines over which it can
load balance.
It works well, and it starts multiple processes - but at not
Can I ask what projects are shouting: we desperately need
MDC-2 in order to support XYZ protocol - please enable.
Also, a question from me: what is the criteria for including an
algorithm? At first glance it looks like OpenSSL contains a lot
of ciphers that nobody ever (?) uses.
Can people
This code has the comment
/* HACK - use text I/O functions in openssl and GMP to handle conversions. This
* is vile. */
I fixed this with the attached patch.
Not sure if we would really want to support all the permutations of
limb sizes differing between OpenSSL and GMP
Here I only support
So you had a bug in your code. So what?
No bug - read this:
http://www.unix.org/version2/whatsnew/threadspaper.ps :
Registration of fork handlers (pthread_atfork( )). The fork handlers are
routines that are to
be executed in association with calls to the fork( ) function. There are
three
Hi,
I have a BMC5825 card from Silicom that is supposed to do over
10'000 rsa per second.
In practice Proto Balance can do about 1900 fresh SSL connections
per second, on an Intel Core2 Duo 2.2Ghz. But I think more work
can vastly improve this.
(Without the card I get about 700 per second -
no I meant that I am already getting 2000/sec on the *server*.
By my calculations I should be able to get 3000/sec on the server
with the optimizations I want to do.
2000/sec is a good place to be, on a client. Expect less on a
server, unfortunately.
I replaced OPENSSL_cleanse() {...}
The answer is that if you're compiled single-threaded, it's perfectly
legal.
If you're multi-threaded, it's not.
err, nobody codes like this
find me an example in real-life code that is being used.
better yet, find me an example in OpenSSL.
Your other points I agree with however.
Let's
This behavior, by itself, does not necessary guarantee
that your OpenSSL library code won't race against itself,
won't corrupt its own data, or crash (hint: learn about
the MySQL case, search the archives).
it's own data?? - well this is exactly why I asked on this
list :-) I wanted to get a
I find it hard to believe that there exists a platform where:
On FreeBSD/OpenBSD my program outright core dumped and I could not
figure out why for days and days. Now I have two separate builds - one built
with -D_REENTRANT -DTHREADS ... -lpthread and one without.
Only with Linux do you have
On Jan 25, 2008 4:45 PM, Leandro Santi [EMAIL PROTECTED] wrote:
Tomas Mraz, 2008-01-24:
So IMO what Paul Sheer is doing - disabling all locking in OpenSSL given
that there won't be any static and/or global variables in the OpenSSL
code called is 100% safe thing if the threads do not share
So IMO what Paul Sheer is doing - disabling all locking in OpenSSL given
that there won't be any static and/or global variables in the OpenSSL
code called is 100% safe thing [] if [] the threads do not share
any data
manipulated within the OpenSSL library.
Quite a big
So IMO what Paul Sheer is doing - disabling all locking in OpenSSL given
that there won't be any static and/or global variables in the OpenSSL
code called is 100% safe thing if the threads do not share any data
manipulated within the OpenSSL library.
But that's not what he's doing. He's
I'm replying to David's email off-list...
-paul
On Jan 24, 2008 8:44 PM, David Schwartz [EMAIL PROTECTED] wrote:
But I must say that I believe that no-one has ever used OpenSSL
with 10'000 concurrent SSL objects.
Umm, what?! We've last tested to almost 16,384. Our first test to 10,000
Well my hybrid threaded app now seems to be stable - even under extreme
loads.
Here is what I did for others to refer:
Comments *most* welcome.
These steps allow me to link both builds of my program with the same
non-threaded
OpenSSL build. I.e. both the fork() and pthread_create() builds of my
IMO, writing security software by doing something that is specifically not
documented or guaranteed to work and then trying to fix every problem it
creates (at least, that you can find) is completely insane.
Ok, I managed to find another problem: error setting/getting (eg.
ERR_clear_error)
I valgrind'ed OpenSSL as follows:
I compiled OpenSSL (0.9.8g) with my own random number engine - in order to
generate
pseudo random numbers that are not based on unitialized values (if you run
openssl
without doing this you get infinite warnings - of course).
The results are as follows
Has anyone worked on supporting OffloadModExpo from within OpenSSL?
I.e. to allow a Windows SSL application to use OpenSSL instead of the
native windows crypto libraries, but still take advantage of the Windows
OffloadModExpo function. This would be useful if you have bought some
accelerator card
18 matches
Mail list logo