I was developing an SSL client (with openssl-0.9.3a)
and found memory leaks when using RC4-MD5 (1024/128 bits).
HOWEVER, when I switched to "EXP-RC4-MD5" (512/40 bits),
there are NO leaks.
The best way to reproduce the leaks is to run 's_time'
for a long time. (Use 'top' to monitor its memory SIZE)
./openssl s_time -connect "host:port" -ssl3 -cipher "RC4-MD5" -new
-time 1800
The following un-exportable ciphers produces leaks in 's_time':
DES-CBC3-SHA SSLv3 Kx=RSA Au=RSA Enc=3DES(168) Mac=SHA1
IDEA-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=IDEA(128) Mac=SHA1
RC4-SHA SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=SHA1
RC4-MD5 SSLv3 Kx=RSA Au=RSA Enc=RC4(128) Mac=MD5
DES-CBC-SHA SSLv3 Kx=RSA Au=RSA Enc=DES(56) Mac=SHA1
The following exportable ciphers do NOT produces leaks:
EXP-DES-CBC-SHA SSLv3 Kx=RSA(512) Au=RSA Enc=DES(40) Mac=SHA1 export
EXP-RC2-CBC-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC2(40) Mac=MD5 export
EXP-RC4-MD5 SSLv3 Kx=RSA(512) Au=RSA Enc=RC4(40) Mac=MD5 export
Can someone help me to get a patch or show me a workaround?
Many thanks.
-- Greg
______________________________________________________________________
OpenSSL Project http://www.openssl.org
User Support Mailing List [EMAIL PROTECTED]
Automated List Manager [EMAIL PROTECTED]
