On Thu, Oct 23, 2008 at 02:12:45PM -0700, Julian wrote:

> Never ship a Shared OpenSSL library. Anyone can rebuild it to output
> the socket buffer to disk prior to encryption and replace yours.

This risk model is not often realistic. If the administrator of the
machine is your adversary, you're toast whether the library is shared
or not. Shared libraries are fine, and make patching easier when the
library and application are maintained separately.

-- 
Viktor.
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
User Support Mailing List                    openssl-users@openssl.org
Automated List Manager                                [EMAIL PROTECTED]