Hi,
The following blog post explains different mitigation techniques for
this vulnerability and among them is Rate Limiting:
http://vincent.bernat.im/en/blog/2011-ssl-dos-mitigation.html#rate_limiting_ssl_handshakes
I hope this will help.
Cheers,
--
Mounir IDRASSI
IDRIX
http://www.idrix.fr
O
On Tue December 27 2011, Michael S. Zick wrote:
> On Tue December 27 2011, Michael S. Zick wrote:
> > On Tue December 27 2011, Jakob Bohm wrote:
> > > On 12/26/2011 1:31 AM, Michael S. Zick wrote:
> > > > On Sun December 25 2011, jb-open...@wisemo.com wrote:
> > > >> Merry Christmas, and thanks to
On Tue December 27 2011, Michael S. Zick wrote:
> On Tue December 27 2011, Jakob Bohm wrote:
> > On 12/26/2011 1:31 AM, Michael S. Zick wrote:
> > > On Sun December 25 2011, jb-open...@wisemo.com wrote:
> > >> Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld
> > >> specific
> >
On Tue December 27 2011, Jakob Bohm wrote:
> On 12/26/2011 1:31 AM, Michael S. Zick wrote:
> > On Sun December 25 2011, jb-open...@wisemo.com wrote:
> >> Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld
> >> specific
> >> option to do this in manually written Makefiles.
> >>
> >
Sorry for spamming, a small correction here.
Scenario 3 is also failing and not successful as indicated in my earlier
email.
*Scenario 3:*
openssl s_server -cert neweecert.pem -key neweekey.pem
openssl s_client -CAfile /root/certs/cacerts/oldcacert.pem
Result: Connection failure.
Regds,
A
Thanks Dave.
But regarding this:
>> Important note: make sure the old and new root certs have different
>> names. (Same for intermediate CAs, which your example doesn't have.)
OpenSSL looks-up using Issuer name only. It *verifies* AKI if present,
and of course uses subjectkey to verify child and thus g
Hello Sir/Madam,
I am seeing a crash while authenticating through open ldap on linux 5.5 x86-64.
The application is 32 bit multithreaded.
I am using openssl 0.9.8e version.
Below is the stack trace for the same:
*** glibc detected *** ./cserver: free(): invalid pointer: 0xf47fa858 ***
=== Backtrace:
On 12/26/2011 1:31 AM, Michael S. Zick wrote:
On Sun December 25 2011, jb-open...@wisemo.com wrote:
Merry Christmas, and thanks to Michael for pointing out a GNU gcc/ld
specific
option to do this in manually written Makefiles.
My replies below are about how to achieve this without GNU specific