Re: TLS/SSL Re-Negotiation Vulnerability [CVE-2011-1473]

2011-12-27 Thread Mounir IDRASSI
Hi, The following blog post explains different mitigation techniques for this vulnerability and among them is Rate Limiting: http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html#rate_limiting_ssl_handshakes I hope this will help. Cheers, -- Mounir IDRASSI IDRIX http://www.idrix.fr O

Re: Problems with including zlib

2011-12-27 Thread Michael S. Zick
On Tue December 27 2011, Michael S. Zick wrote: > On Tue December 27 2011, Michael S. Zick wrote: > > On Tue December 27 2011, Jakob Bohm wrote: > > > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > > > >> Merry Christmas, and thanks to

Re: Problems with including zlib

2011-12-27 Thread Michael S. Zick
On Tue December 27 2011, Michael S. Zick wrote: > On Tue December 27 2011, Jakob Bohm wrote: > > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > > >> Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld > > >> specific > >

Re: Problems with including zlib

2011-12-27 Thread Michael S. Zick
On Tue December 27 2011, Jakob Bohm wrote: > On 12/26/2011 1:31 AM, Michael S. Zick wrote: > > On Sun December 25 2011, jb-open...@wisemo.com wrote: > >> Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld > >> specific > >> option to do this in manually written Makefiles. > >> > >

Re: Supporting oldwithold, newwithnew CA certificates Reg.

2011-12-27 Thread Ashok C
Sorry for spamming, a small correction here. Scenario 3 is also failing and not successful as indicated in my earlier email. *Scenario 3:* openssl s_server -cert neweecert.pem -key neweekey.pem openssl s_client -CAfile /root/certs/cacerts/oldcacert.pem Result: Connection failure. Regds, A

Re: Supporting oldwithold, newwithnew CA certificates Reg.

2011-12-27 Thread Ashok C
Thanks Dave. But regarding this: >>Important note: make sure the old and new root certs have different names. (Same for intermediate CAs, which your example doesn't have.) OpenSSL looks-up using Issuer name only. It *verifies* AKI if present, and of course uses subjectkey to verify child and thus g

observing a crash while doing ssl_connect

2011-12-27 Thread Patil, Minal
Hello Sir/Madam, I am seeing a crash while authenticating through open ldap on linux 5.5 x86-64. The application is 32 bit multithreaded. I am using openssl 0.9.8e version. Below is the stack trace for the same *** glibc detected *** ./cserver: free(): invalid pointer: 0xf47fa858 *** === Backtrace:

Re: Problems with including zlib

2011-12-27 Thread Jakob Bohm
On 12/26/2011 1:31 AM, Michael S. Zick wrote: On Sun December 25 2011, jb-open...@wisemo.com wrote: Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld specific option to do this in manually written Makefiles. My replies below are about how to achieve this without GNU specific