RE: DTLS aborts

2014-07-22 Thread Brian Hassink
] Sent: Monday, July 21, 2014 2:44 PM To: openssl-users@openssl.org Subject: RE: DTLS aborts Is the development team aware of this? Should we open an RT? Please open an RT. -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: HYPERLINK mailto:rs...@jabber.mers

Re: DTLS aborts

2014-07-22 Thread Jeffrey Walton
On Tue, Jul 22, 2014 at 9:42 AM, Brian Hassink brian.hass...@oracle.com wrote: ... I sent an email to r...@openssl.org yesterday, shortly after receiving the reply below, but received nothing in return and did not see a forward on openssl-...@openssl.org. I'm not sure if the bug report is

RE: DTLS aborts

2014-07-22 Thread Jeremy Farrell
From: Jeffrey Walton [mailto:noloa...@gmail.com] Sent: Tuesday, July 22, 2014 3:03 PM On Tue, Jul 22, 2014 at 9:42 AM, Brian Hassink brian.hass...@oracle.com wrote: ... I sent an email to r...@openssl.org yesterday, shortly after receiving the reply below, but received nothing in

Re: DTLS aborts

2014-07-22 Thread Jeffrey Walton
However, the devs actively monitor the queue. See https://www.openssl.org/about/roadmap.html and https://groups.google.com/forum/#!msg/mailing.openssl.users/mDrMrd3zOuQ/BRS_VLZB_mYJ. That's only useful if a new report finds its way onto the queue. Lack of email suggests that this one hasn't,

RE: DTLS aborts

2014-07-22 Thread Salz, Rich
My guess (and its purely speculation) is the report is being held because of security considerations. I don't believe so; there's no filter on email sent to rt. Interestingly, there are a few bugs created a day ago, and then a few created four days ago. Looks like mail got lost or is

RE: DTLS aborts

2014-07-22 Thread Brian Hassink
Just got a reply on the RT about 10 minutes ago :) Looks like things are just slow. -Brian -Original Message- From: Salz, Rich [mailto:rs...@akamai.com] Sent: Tuesday, July 22, 2014 5:22 PM To: openssl-users@openssl.org Subject: RE: DTLS aborts My guess (and its purely speculation

Re: DTLS aborts

2014-07-22 Thread Matt Caswell
On 22/07/14 22:21, Salz, Rich wrote: My guess (and its purely speculation) is the report is being held because of security considerations. I don't believe so; there's no filter on email sent to rt. Interestingly, there are a few bugs created a day ago, and then a few created four days

DTLS aborts

2014-07-21 Thread Brian Hassink
Hello all, We recently did some negative testing against OpenSSL 1.0.1e, with a focus on DTLS, and observed that the library, running on the peer, could be made to abort by simply disconnecting during the handshake process. The abort is due to a getsockopt() or setsockopt() call failing

RE: DTLS aborts

2014-07-21 Thread Salz, Rich
Is the development team aware of this?  Should we open an RT? Please open an RT. -- Principal Security Engineer Akamai Technologies, Cambridge, MA IM: rs...@jabber.me; Twitter: RichSalz __ OpenSSL Project